dreizwonull | 24.01.2014 20:50 | Thanks for the help, I hope I'm doing it right this way...
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Eike Koopamann (administrator) on EIKE on 24-01-2014 20:45:39
Running from C:\Users\Eike Koopamann\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Updater) C:\ProgramData\Updater\updater.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20523_x64__8wekyb3d8bbwe\glcnd.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-13] (PC Utilities Software Limited)
MountPoints2: {29bedb58-8051-11e3-be94-24fd5215b36f} - "E:\Startme.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1344800 2014-01-01] (Conduit)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-01-23] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1037600 2014-01-01] (Conduit)
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-01-23] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248&q={searchTerms}&SSPV=
SearchScopes: HKCU - {92DBA33B-89A9-4441-965D-BE7A8C1BC452} URL =
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAADC6004-D67A-4068-997F-B273C887E248
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF SearchPlugin: C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\support@websteroidsapp.com [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Eike Koopamann\AppData\Roaming\Mozilla\Firefox\Profiles\nvxyvzwz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
U2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-01-23] ()
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
U2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
U2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2301216 2014-01-01] (Conduit)
U2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
U3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
U2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
U1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
U2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-19] (Avira Operations GmbH & Co. KG)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
U3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
U3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U4 esgiguard;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-24 20:45 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:03 - 2014-01-23 20:06 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:03 - 2014-01-23 20:04 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-18 10:06 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-18 10:06 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-18 10:06 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-15 18:29 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-15 18:29 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-15 18:29 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-15 18:29 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-15 18:29 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-15 18:29 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-15 18:29 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-15 18:29 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-15 18:29 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT
==================== One Month Modified Files and Folders =======
2014-01-24 20:46 - 2014-01-24 20:45 - 00020833 _____ C:\Users\Eike Koopamann\Downloads\FRST.txt
2014-01-24 20:44 - 2014-01-24 20:44 - 02077696 _____ (Farbar) C:\Users\Eike Koopamann\Downloads\FRST64.exe
2014-01-24 20:43 - 2013-08-16 15:07 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 20:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2014-01-24 19:23 - 2013-08-11 17:48 - 01904871 _____ C:\windows\WindowsUpdate.log
2014-01-23 20:47 - 2014-01-23 20:47 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-23 20:06 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\Citrix
2014-01-23 20:04 - 2014-01-23 20:04 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\ICAClient
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\ProgramData\Citrix
2014-01-23 20:04 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\Documents\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\Optimizer Pro
2014-01-23 20:03 - 2014-01-23 20:03 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Local\SearchProtect
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 20:02 - 2014-01-23 20:02 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2014-01-23 20:01 - 2014-01-23 20:01 - 00657784 _____ (Conduit) C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03.exe
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\Users\Eike Koopamann\Downloads\Citrix_Receiver_TSV126G03
2014-01-23 20:01 - 2014-01-23 20:01 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Users\Eike Koopamann\AppData\Roaming\sMedio
2014-01-19 19:21 - 2012-07-26 08:21 - 00029633 _____ C:\windows\setupact.log
2014-01-18 16:00 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-18 15:59 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-18 15:58 - 2013-08-18 20:50 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 15:58 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2014-01-18 15:56 - 2013-08-18 20:50 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-13 21:03 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-10 20:43 - 2012-08-01 17:55 - 00780976 _____ C:\windows\system32\perfh010.dat
2014-01-10 20:43 - 2012-08-01 17:55 - 00152608 _____ C:\windows\system32\perfc010.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2014-01-10 20:43 - 2012-08-01 17:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2014-01-10 20:43 - 2012-07-26 08:28 - 02679026 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-09 09:02 - 2013-11-19 21:21 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 21:21 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-29 23:06 - 2013-12-29 23:06 - 479824446 _____ C:\windows\MEMORY.DMP
2013-12-29 23:06 - 2013-12-29 23:06 - 00285920 _____ C:\windows\Minidump\122913-18671-01.dmp
2013-12-29 23:06 - 2013-12-29 23:06 - 00000000 ____D C:\windows\Minidump
2013-12-28 23:46 - 2013-12-28 23:46 - 00329024 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-28 23:46 - 2013-08-11 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 23:44 - 2012-07-26 06:38 - 00000000 ____D C:\windows\system32\oobe
Some content of TEMP:
====================
C:\Users\Eike Koopamann\AppData\Local\Temp\avgnt.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsf703A.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsh8C5F.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsi8ED1.exe
C:\Users\Eike Koopamann\AppData\Local\Temp\nsk6D9A.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 15:29
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Eike Koopamann at 2014-01-24 20:48:23
Running from C:\Users\Eike Koopamann\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.0.0.91 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Classic Shell (Version: 3.6.8 - IvoSoft)
ElsterFormular (x32 Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
FileParade bundle uninstaller (x32 Version: 1.0.0.0 - FileParade)
Intel AppUp(R) center (x32 Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet Updater (x32 Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
LibreOffice 4.1.0.4 (x32 Version: 4.1.0.4 - The Document Foundation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (x32 Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8 - Mozilla)
Nokia Connectivity Cable Driver (Version: 7.1.32.69 - )
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION
PDF24 Creator 5.7.0 (x32 Version: - PDF24.org)
Premium Sound HD (Version: 1.12.6000 - DTS, Inc.)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Search Protect (x32 Version: 2.9.40.12 - Conduit) <==== ATTENTION
Self-Service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (x32 Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (x32 Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.21-A - Toshiba Corporation)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Websteroids (x32 Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
==================== Restore Points =========================
17-01-2014 17:24:44 Windows Update
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0A1CB763-BDC3-40BF-87B4-F1AE0CAA5020} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CEDC5A2-E183-4BE9-BBCB-404EA7C62650} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1FCD2161-F8D6-4A23-A1DF-3742FE23B9BF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {8260E436-41C8-4649-9C17-44C4E45025A4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C15F0BA4-27D9-4E4F-8A09-8D5E3E97F1A7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEF8B262-C34A-4992-B98E-8B950462793E} - \Desk 365 RunAsStdUser No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE327E2B-FAFF-4880-B399-0CE2667FA2CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\9fbc5975a21c5638ba05f81b9febfaee\Windows.UI.ni.dll
2013-11-09 17:30 - 2013-11-09 17:30 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\967740f7ed74ebe361d82cba59a694b2\Windows.Data.ni.dll
2013-08-28 21:16 - 2013-08-28 21:16 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
2013-01-29 20:09 - 2012-11-01 14:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-11 10:19 - 2013-08-13 21:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-05-09 17:01 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 00186496 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2014-01-23 20:03 - 2014-01-23 20:03 - 02961368 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-12-20 18:30 - 2013-12-20 18:30 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 65%
Total physical RAM: 3979.21 MB
Available physical RAM: 1390 MB
Total Pagefile: 8075.21 MB
Available Pagefile: 4415.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (TI31051200A) (Fixed) (Total:286.89 GB) (Free:243.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
==================== End Of Log ============================