File Store 72 info (Virus?)

ottoeli · 01.06.2014, 10:59

Hallo,
seit einigen Tagen werde ich beim Surfen im Internet auf die o.g. Seite umgeleitet. Googelt man im Internet gibt es nur spärliche Hinweise, dass es sich um einen Virus handelt, der nicht ungefährlich ist.
Hat jemand davon gehört oder weiß wie man es los wird?
Danke
ottoeli

M-K-D-B · 01.06.2014, 11:18

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ottoeli · 02.06.2014, 11:33

Hallo Matthias, zuerst danke für deine Hilfe.
Ich werde in den nächsten Tagen nicht antworten oder reagieren können, da ich einige Tage außer haus bin. Hier nun die beiden gewünschten Texte.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by Otto (administrator) on OTTO-PC on 02-06-2014 12:12:53
Running from C:\Users\Otto\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(mst software GmbH, Germany) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Farbar) C:\Users\Otto\Downloads\FRST(1).exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-02] (Logitech Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [SkyDrive] => C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

==================== Internet (Whitelisted) ====================

ProxyServer: 54.199.202.228:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ntv.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC71B38F30F3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-02-28]
FF Extension: Bitdefender QuickScan - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-03]
FF Extension: Adblock Plus - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-15]
FF Extension: ProfileSwitcher - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-01-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-18]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-30]
CHR Extension: (Google Drive) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (YouTube) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-31]
CHR Extension: (Google-Suche) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-30]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-30]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-30]
CHR Extension: (Virtual Keyboard) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-30]
CHR Extension: (Skype Click to Call) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Click&Clean App) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-30]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-10-25] (Acronis)
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [90704 2013-07-17] (BitDefender LLC)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20448 2011-03-04] (Logitech Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [154464 2013-07-17] (BitDefender LLC)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2009-09-25] (Paragon Software Group)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-03] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2014-01-29] (Audials AG)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-01-29] (RapidSolution Software AG)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 12:01 - 2014-06-02 12:01 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST(1).exe
2014-06-01 20:04 - 2014-06-02 12:14 - 00021013 _____ () C:\Users\Otto\Downloads\FRST.txt
2014-06-01 20:04 - 2014-06-02 12:13 - 00000000 ____D () C:\FRST
2014-06-01 20:03 - 2014-06-01 20:03 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST.exe
2014-06-01 19:53 - 2014-06-01 19:59 - 00000620 _____ () C:\Windows\PFRO.log
2014-06-01 19:48 - 2014-06-01 19:49 - 01327971 _____ () C:\Users\Otto\Downloads\adwcleaner_3.211.exe
2014-06-01 11:45 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\QuickScan
2014-06-01 11:43 - 2014-06-01 11:43 - 00416576 _____ (Kaspersky Lab) C:\Users\Otto\Downloads\de-de.setup.exe
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\MFAData
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\Avg2014
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 20:03 - 2014-05-29 20:04 - 04424240 _____ (AVG Technologies) C:\Users\Otto\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-29 19:45 - 2014-05-29 19:45 - 01727624 _____ () C:\Users\Otto\Downloads\Adaware_Installer_11.1.5354.exe
2014-05-29 11:10 - 2014-06-02 12:05 - 00000448 _____ () C:\Windows\setupact.log
2014-05-29 11:10 - 2014-05-29 11:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieUserList
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieSiteList
2014-05-26 15:28 - 2014-05-26 15:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-18 15:29 - 2014-05-18 15:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 10:35 - 2014-05-16 10:35 - 00002187 _____ () C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
2014-05-15 22:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 10:21 - 2014-05-14 10:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 10:18 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:18 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:18 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:16 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:16 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:16 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:16 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:16 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:16 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:16 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:16 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:16 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:16 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 10:16 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:16 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:16 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:15 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-02 12:14 - 2014-06-01 20:04 - 00021013 _____ () C:\Users\Otto\Downloads\FRST.txt
2014-06-02 12:14 - 2013-01-16 10:43 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 12:14 - 2011-10-25 10:10 - 00000000 ____D () C:\Users\Otto\AppData\Local\Temp
2014-06-02 12:13 - 2014-06-01 20:04 - 00000000 ____D () C:\FRST
2014-06-02 12:12 - 2009-07-14 06:34 - 00014928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 12:12 - 2009-07-14 06:34 - 00014928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 12:09 - 2011-10-25 10:00 - 01684697 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 12:07 - 2013-01-17 00:25 - 00000000 ___RD () C:\Users\Otto\SkyDrive
2014-06-02 12:06 - 2014-02-28 16:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-02 12:06 - 2013-01-16 10:43 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 12:05 - 2014-05-29 11:10 - 00000448 _____ () C:\Windows\setupact.log
2014-06-02 12:05 - 2011-10-25 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-02 12:05 - 2011-10-25 11:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-02 12:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 12:01 - 2014-06-02 12:01 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST(1).exe
2014-06-01 20:03 - 2014-06-01 20:03 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST.exe
2014-06-01 19:59 - 2014-06-01 19:53 - 00000620 _____ () C:\Windows\PFRO.log
2014-06-01 19:58 - 2014-02-15 14:29 - 00000000 ____D () C:\AdwCleaner
2014-06-01 19:56 - 2011-10-25 10:10 - 00000000 ____D () C:\Users\Otto
2014-06-01 19:49 - 2014-06-01 19:48 - 01327971 _____ () C:\Users\Otto\Downloads\adwcleaner_3.211.exe
2014-06-01 19:36 - 2014-02-03 15:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 11:45 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\QuickScan
2014-06-01 11:43 - 2014-06-01 11:43 - 00416576 _____ (Kaspersky Lab) C:\Users\Otto\Downloads\de-de.setup.exe
2014-06-01 11:20 - 2011-10-25 10:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\MFAData
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\Avg2014
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 20:04 - 2014-05-29 20:03 - 04424240 _____ (AVG Technologies) C:\Users\Otto\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-29 19:45 - 2014-05-29 19:45 - 01727624 _____ () C:\Users\Otto\Downloads\Adaware_Installer_11.1.5354.exe
2014-05-29 19:01 - 2014-02-28 15:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 15:01 - 2014-04-04 15:03 - 00000308 _____ () C:\Windows\Tasks\SuperEasy Registry Cleaner_DEFAULT.job
2014-05-29 11:10 - 2014-05-29 11:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:27 - 2013-01-17 17:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\Skype
2014-05-28 18:50 - 2014-02-03 19:13 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieUserList
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieSiteList
2014-05-28 15:03 - 2014-04-04 15:03 - 00000316 _____ () C:\Windows\Tasks\SuperEasy Registry Cleaner_UPDATES.job
2014-05-28 11:13 - 2011-10-25 12:14 - 00000000 ____D () C:\Users\Otto\Documents\Steuerfälle
2014-05-26 15:28 - 2014-05-26 15:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 15:28 - 2014-02-03 15:32 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 15:28 - 2013-01-17 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-05-23 14:54 - 2014-03-30 21:34 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 16:45 - 2013-01-16 14:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 15:29 - 2014-05-18 15:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 11:45 - 2014-02-13 12:42 - 00002175 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-16 10:35 - 2014-05-16 10:35 - 00002187 _____ () C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
2014-05-15 12:15 - 2014-02-20 12:33 - 00002194 _____ () C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-14 20:03 - 2011-10-25 12:15 - 00000000 ____D () C:\Users\Otto\Downloads\Desktop hintergrund
2014-05-14 15:56 - 2013-01-15 23:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 14:04 - 2013-01-16 10:38 - 00000000 ____D () C:\Users\Otto\.gimp-2.8
2014-05-14 11:36 - 2014-02-03 15:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 11:36 - 2014-02-03 15:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 11:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 10:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 10:26 - 2014-04-26 16:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 10:24 - 2014-02-03 12:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:22 - 2011-10-25 10:34 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:21 - 2014-05-14 10:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 10:21 - 2011-10-25 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-09 09:06 - 2014-05-14 10:16 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 10:16 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-14 10:18 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 10:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 10:18 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Otto\AppData\Local\Temp\ose00000.exe
C:\Users\Otto\AppData\Local\Temp\ose00001.exe
C:\Users\Otto\AppData\Local\Temp\Quarantine.exe
C:\Users\Otto\AppData\Local\Temp\_isD338.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-23 13:06

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-06-2014 01
Ran by Otto at 2014-06-02 12:25:26
Running from C:\Users\Otto\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Enabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Ad-Aware Antivirus (Enabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acronis*True*Image*Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Ad-Aware Antivirus (HKLM\...\{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.3.29.0 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.2.0 (HKLM\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audials (HKLM\...\{3C07AF26-8705-4DF5-96C7-51432E0C9F03}) (Version: 11.0.51201.100 - Audials AG)
Audials TV (HKLM\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CameraHelperMsi (Version: 13.20.1182.0 - Logitech) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Finanzen.net Börsenticker 1.4 (HKLM\...\Finanzen.net Börsenticker 1.4) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fotos auf DVD 2013 Deluxe Update (Version: 12.0.3.80 - MAGIX AG) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{98D64F70-1BE2-4E06-A58E-50FF642B3F24}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iClone v4.12 SE (HKLM\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.12.1313.1 - Reallusion Inc.)
InfoBibliothek 2 (HKLM\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.00 - Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.20.1182.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.20.1182.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.20.1182.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
MAGIX 3D Maker (embeded) (HKLM\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Content und Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto Manager 10 (HKLM\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.2.184 - MAGIX AG)
MAGIX Foto Manager 10 (Version: 8.0.2.184 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM\...\MAGIX_{4CAD11B3-9066-4106-B7A0-CCFB466DED13}) (Version: 9.0.0.223 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.0.223 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe Update (Version: 9.0.2.256 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) (HKLM\...\MAGIX_{1442E56B-CCAD-4F3E-86A5-748CCAAAB143}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) (HKLM\...\MAGIX_{C989667E-9CB4-49EA-BCA8-FECB9B25C8C5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) (HKLM\...\MAGIX_{24109D13-A0E6-460C-99E2-12CA7C09EAA7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Einführungsvideo) (HKLM\...\MAGIX_{36E1BC4D-3596-4989-95AB-176A0389B1A3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Einführungsvideo) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) (HKLM\...\MAGIX_{09431E25-F7CE-488F-9910-9279F00A742A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) (HKLM\...\MAGIX_{35F6D705-750C-4635-AF60-035FAEDA2FC0}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) (HKLM\...\MAGIX_{3DC4C012-CC0A-4663-9F64-1D956F97ADE2}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (HKLM\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.2.78 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) (HKLM\...\MAGIX_{EB13DF91-4D92-43A7-93BC-4D080D2E8227}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) (HKLM\...\MAGIX_{3D8C348D-FE2E-46FA-8899-23B043D673D2}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) (HKLM\...\MAGIX_{56EC4F76-BF2D-476E-947F-DF627EA71630}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) (HKLM\...\MAGIX_{AEF35DCE-5F53-43CF-AA71-6BE270C3AF10}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) (HKLM\...\MAGIX_{897E988E-A520-412B-99B9-3D04904FA6D3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) (HKLM\...\MAGIX_{FBA359C1-5530-45AB-ACA3-56C7693612DA}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) (HKLM\...\MAGIX_{953D4F60-9038-44EB-A867-6DFCDFFB6AA8}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.2.78 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\MAGIX_{455E207E-5625-4D07-A420-CAF153BEC7E9}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition (HKLM\...\MAGIX_{13608872-D05A-43C8-A9A3-F565B504DD61}) (Version: 19.0.3.46 - MAGIX AG)
MAGIX Music Maker Soundtrack Edition (Version: 19.0.3.46 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{AA5D931C-C171-4D07-82B6-C052105F74DC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (HKLM\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Demo) (HKLM\...\MAGIX_{2F2D3D5D-AEBC-4FDA-8348-089A3465B323}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Demo) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Designelemente) (HKLM\...\MAGIX_{432C4A13-0414-4B0C-AB3F-F89B99F453AB}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Filmvorlagen) (HKLM\...\MAGIX_{E586CDBD-B2F6-4AF9-89EA-C206F3A4BD91}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) (HKLM\...\MAGIX_{A2CC226F-19E6-4ECB-B089-5E944E044AF1}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) (HKLM\...\MAGIX_{645130F2-E3A2-4426-9BFD-D5E1691D8FA3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (HKLM\...\MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}) (Version: 12.0.0.32 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) (HKLM\...\MAGIX_{A497603A-4E61-4174-A010-727C479745B3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) (HKLM\...\MAGIX_{B402AD7F-4F13-432E-B42C-39FA8B2EA215}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) (HKLM\...\MAGIX_{E6B6A382-204E-4115-B276-B866939D1591}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) (HKLM\...\MAGIX_{A92969A9-5595-4919-9D7B-34CE35C7E8EF}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Titeleffekte) (HKLM\...\MAGIX_{539C8989-6AED-480F-AAFF-F66BC420E723}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Tutorials) (HKLM\...\MAGIX_{64E838E5-2817-40B1-852F-E4730EDB039A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Tutorials) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Überblendeffekte) (HKLM\...\MAGIX_{2EFD2A73-A219-44AF-8017-BFBCA4DB455C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus (HKLM\...\MAGIX_MSI_Videodeluxe18_plus) (Version: 11.0.0.38 - MAGIX AG)
MAGIX Video deluxe MX Plus (Version: 11.0.0.38 - MAGIX AG) Hidden
MAGIX Video deluxe Plus 2013 Update (Version: 12.0.2.2 - MAGIX AG) Hidden
MAGIX Xtreme Foto Designer 6 (HKLM\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 2 (HKLM\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Flight Simulator X SP2 SDK (HKLM\...\{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MozBackup 1.4.10 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser und SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NebenkostenAbrechnung (HKLM\...\{90CEF09F-CAB1-4D1C-B3A1-A698C152824E}) (Version: 2.03 - Wolters Kluwer Deutschland GmbH)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ODF Add-In für Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OnlineThreatsEngine (Version: 2.2.2.0 - Lavasoft) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon System Upgrade Utilities™ 2010 (HKLM\...\{E47E6040-9649-11DE-8BF6-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Password Depot 7 (HKLM\...\{500F4898-C705-4B91-9C98-3D125330A022}_is1) (Version: 7.5.5 - AceBIT GmbH)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
proDAD Adorage 3.0 (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.92 - proDAD GmbH)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: 2.6.32 - proDAD GmbH)
QuickConvert Media deLuxe (HKLM\...\{5B5A4F65-E053-4F25-0001-2DAEF860F2F8}) (Version: 1.09.0520 - Franzis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM\...\{6BD66B03-04BE-493A-BE37-E70D9F406F18}) (Version: 9.0 - Star Finanz GmbH)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Vermieter 2011 (HKLM\...\{94E0FA7F-B3CD-4B61-B311-B067C610C10F}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vasco da Gama 5 HDPro (HKLM\...\{067D2172-F8F3-477D-B4EE-0B0AA967D544}) (Version: 5.20.0000 - MotionStudios)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Restore Points  =========================

31-05-2014 16:08:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C2E4AC1-4D6D-47EB-A4B2-083A0217B3BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {224372D6-2290-47B9-8E20-99E98650B35E} - System32\Tasks\{24C717FB-7A4D-49B4-86F0-A35A0E81D23A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar
Task: {233E0642-0498-4411-9B82-3825ECB481F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {24685A8F-8768-41A3-88E7-E78F8FE7ECEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {24F3F880-D860-4866-91A6-3C2F2169754C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {43564366-9E12-4761-B678-88B938D91BC6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {60392038-CBBD-4C84-8351-528166C5086B} - System32\Tasks\SuperEasy Registry Cleaner_DEFAULT => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {74A85FFF-8E95-492D-AF58-56DC04341E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8116361E-B919-40AB-BC04-115790FBE9C6} - System32\Tasks\{AD880A1A-C370-4138-84AB-F09E13D1580A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar
Task: {B8C2C8FB-EC4C-4C49-8B58-C8866BB9A217} - System32\Tasks\SuperEasy Registry Cleaner_UPDATES => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {C5E27009-9918-4782-BB3B-A5E3F28C6F28} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {E929D231-524C-4B4B-8A10-506D87B21572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\SuperEasy Registry Cleaner_DEFAULT.job => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: C:\Windows\Tasks\SuperEasy Registry Cleaner_UPDATES.job => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe

==================== Loaded Modules (whitelisted) =============

2013-01-15 15:58 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-23 17:26 - 2014-01-23 17:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 17:33 - 2014-01-23 17:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2014-02-28 16:11 - 2013-07-17 18:09 - 00135288 _____ () C:\Windows\system32\bdfwcore.dll
2013-07-17 18:10 - 2013-07-17 18:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2013-08-21 15:32 - 2013-08-21 15:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpbr.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpdsp.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 01950672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpph.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttprbl.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 00641000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpbr.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 00451480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpdsp.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 02281296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpf.mdl
2013-08-21 15:32 - 2013-08-21 15:32 - 00974744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttprbl.mdl
2014-02-28 15:57 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-28 15:57 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-28 15:57 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-28 15:57 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-28 15:57 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-03 19:15 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2011-09-22 22:20 - 2011-09-22 22:20 - 11233136 _____ () C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
2011-03-02 00:14 - 2011-03-02 00:14 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-02 00:14 - 2011-03-02 00:14 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 17:33 - 2014-01-23 17:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
2009-04-10 01:04 - 2009-04-10 01:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 23:53 - 2009-04-22 23:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2011-01-13 03:57 - 2011-01-13 03:57 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-03-04 03:26 - 2011-03-04 03:26 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2014-05-18 15:29 - 2014-05-18 15:29 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Otto\Desktop\i.s. Beihilfe.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 00:03:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 35.0.1916.114 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a50

Startzeit: 01cf7e49bf0fd80b

Endzeit: 5

Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe

Berichts-ID: 16c40968-ea3d-11e3-8960-001d609236a3

Error: (05/29/2014 07:01:11 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Spybot-S&D 2 Scanner Service" konnte nicht heruntergefahren werden.

Error: (05/29/2014 00:49:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d34

Startzeit: 01cf7b2b8124a44f

Endzeit: 51

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: d4296cdc-e71e-11e3-a435-001d609236a3

Error: (05/29/2014 11:11:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 11:11:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 11:11:56 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 11:11:56 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/29/2014 11:11:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 11:11:53 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/29/2014 11:11:53 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/02/2014 00:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/02/2014 00:07:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/02/2014 00:05:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎06.‎2014 um 12:03:09 unerwartet heruntergefahren.

Error: (06/02/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/02/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/02/2014 11:55:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎06.‎2014 um 20:05:45 unerwartet heruntergefahren.

Error: (06/01/2014 08:02:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/01/2014 08:02:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/01/2014 07:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/01/2014 07:55:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (03/01/2014 10:55:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-23 13:13:27.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.483
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.431
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.429
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-23 13:13:27.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3071.3 MB
Available physical RAM: 1658.36 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 3475.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:196.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:104.34 GB) (Free:44.51 GB) NTFS
Drive e: (Filme) (Fixed) (Total:251.31 GB) (Free:152.13 GB) NTFS
Drive f: (Musik) (Fixed) (Total:110.1 GB) (Free:73.59 GB) NTFS
Drive g: (Sicherungen) (Fixed) (Total:298.08 GB) (Free:153.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 09DF4E94)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9032FA66)
Partition 1: (Active) - (Size=251 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=110 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: D0FA3D53)
Partition 1: (Not Active) - (Size=298 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B · 02.06.2014, 14:44

Zitat:

Running from C:\Users\Otto\Downloads

Alle Tools auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

Mehrere Anti-Virus-Programme

Code:

ATTFilter

Kaspersky
Ad-Aware

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:

Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

M-K-D-B · 05.06.2014, 15:55

Ich übe mich in Geduld.

ottoeli · 06.06.2014, 10:47

Hallo,
zuerst danke für eure Mühe.
Wie schon gesagt, ich war einige Tage weg, deshalb habe ich nicht reagiert.
1. Kaspersky,die anderen antivirustools waren, wenn ich mich recht erinnere, nicht aktiv, nur nach Bedarf.
Aber macht nichts, ist jetzt gelöscht.
Gruß ottoeli
Anbei Combofix
Combofix Logfile:

Code:

ATTFilter

ComboFix 14-06-04.01 - Otto 06.06.2014   9:35.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1848 [GMT 2:00]
ausgeführt von:: c:\users\Otto\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-06 bis 2014-06-06  ))))))))))))))))))))))))))))))
.
.
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\Otto\AppData\Local\temp
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-06 07:31 . 2014-06-06 07:31	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{400FCB6B-F527-4F2E-B52C-6ED5B19CE858}\offreg.dll
2014-06-06 06:51 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{400FCB6B-F527-4F2E-B52C-6ED5B19CE858}\mpengine.dll
2014-06-01 18:04 . 2014-06-02 10:26	--------	d-----w-	C:\FRST
2014-06-01 09:45 . 2014-06-01 09:45	--------	d-----w-	c:\users\Otto\AppData\Roaming\QuickScan
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\programdata\MFAData
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\users\Otto\AppData\Local\MFAData
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\users\Otto\AppData\Local\Avg2014
2014-05-28 13:41 . 2014-05-28 13:41	--------	d-sh--w-	c:\users\Otto\AppData\Local\EmieUserList
2014-05-28 13:41 . 2014-05-28 13:41	--------	d-sh--w-	c:\users\Otto\AppData\Local\EmieSiteList
2014-05-26 13:28 . 2014-05-26 13:28	--------	d-----w-	c:\program files\Common Files\Skype
2014-05-15 20:11 . 2010-08-30 06:34	536576	----a-w-	c:\windows\system32\sqlite3.dll
2014-05-14 08:18 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 13:48 . 2014-05-08 13:48	227704	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 09:36 . 2014-02-03 13:29	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:36 . 2014-02-03 13:29	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2013-01-15 12:21	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-22 15:23 . 2013-06-08 19:18	94304	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-03-17 20:11 . 2014-04-16 15:44	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"SkyDrive"="c:\users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-05-15 257224]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-03-22 94304]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-09-25 40560]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-10-25 752128]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-10-17 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-02-03 144992]
S1 RrNetCapFilterDriver;RadioRip Filter Driver;c:\windows\system32\DRIVERS\RrNetCapFilterDriver.sys [2014-01-29 22184]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-25 3246040]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS.exe [2009-08-24 406016]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-02-19 239680]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [2014-01-27 663184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-10-25 167968]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-03-04 20448]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-02-17 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-17 25696]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 11:16	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-03 09:36]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 08:43]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 08:43]
.
2013-01-15 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-10-25 12:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ntv.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-06  09:49:03
ComboFix-quarantined-files.txt  2014-06-06 07:49
.
Vor Suchlauf: 10 Verzeichnis(se), 211.120.381.952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 210.997.006.336 Bytes frei
.
- - End Of File - - 176A2B2674ACE900E04C5D76BA6A237E

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/CODE]

M-K-D-B · 06.06.2014, 11:37

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
emptyclsid;
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 5

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

ottoeli · 06.06.2014, 14:56

Hallo,
habe einiges schon gemacht. Anbei die logfiles und texte.
hijackthis habe ich noch nicht gemacht. kommt später
danke
ottoeli
Combofix Logfile:

Code:

ATTFilter

ComboFix 14-06-04.01 - Otto 06.06.2014   9:35.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1848 [GMT 2:00]
ausgeführt von:: c:\users\Otto\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-06 bis 2014-06-06  ))))))))))))))))))))))))))))))
.
.
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\Otto\AppData\Local\temp
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-06 07:46 . 2014-06-06 07:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-06 07:31 . 2014-06-06 07:31	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{400FCB6B-F527-4F2E-B52C-6ED5B19CE858}\offreg.dll
2014-06-06 06:51 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{400FCB6B-F527-4F2E-B52C-6ED5B19CE858}\mpengine.dll
2014-06-01 18:04 . 2014-06-02 10:26	--------	d-----w-	C:\FRST
2014-06-01 09:45 . 2014-06-01 09:45	--------	d-----w-	c:\users\Otto\AppData\Roaming\QuickScan
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\programdata\MFAData
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\users\Otto\AppData\Local\MFAData
2014-05-29 18:04 . 2014-05-29 18:04	--------	d-----w-	c:\users\Otto\AppData\Local\Avg2014
2014-05-28 13:41 . 2014-05-28 13:41	--------	d-sh--w-	c:\users\Otto\AppData\Local\EmieUserList
2014-05-28 13:41 . 2014-05-28 13:41	--------	d-sh--w-	c:\users\Otto\AppData\Local\EmieSiteList
2014-05-26 13:28 . 2014-05-26 13:28	--------	d-----w-	c:\program files\Common Files\Skype
2014-05-15 20:11 . 2010-08-30 06:34	536576	----a-w-	c:\windows\system32\sqlite3.dll
2014-05-14 08:18 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 13:48 . 2014-05-08 13:48	227704	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 09:36 . 2014-02-03 13:29	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:36 . 2014-02-03 13:29	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2013-01-15 12:21	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-22 15:23 . 2013-06-08 19:18	94304	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-03-17 20:11 . 2014-04-16 15:44	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-15 10:15	223432	----a-w-	c:\users\Otto\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"SkyDrive"="c:\users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-05-15 257224]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-22 395344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-03-22 94304]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-09-25 40560]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-10-25 752128]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2013-10-17 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-02-03 144992]
S1 RrNetCapFilterDriver;RadioRip Filter Driver;c:\windows\system32\DRIVERS\RrNetCapFilterDriver.sys [2014-01-29 22184]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-25 3246040]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS.exe [2009-08-24 406016]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-02-19 239680]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [2014-01-27 663184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-10-25 167968]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-03-04 20448]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-02-17 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-17 25696]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 11:16	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-03 09:36]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 08:43]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 08:43]
.
2013-01-15 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-10-25 12:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ntv.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-06  09:49:03
ComboFix-quarantined-files.txt  2014-06-06 07:49
.
Vor Suchlauf: 10 Verzeichnis(se), 211.120.381.952 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 210.997.006.336 Bytes frei
.
- - End Of File - - 176A2B2674ACE900E04C5D76BA6A237E

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
2. adwcleaner
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 06/06/2014 um 15:10:25
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Otto - OTTO-PC
# Gestartet von : C:\Users\Otto\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP64264525-58B0-438C-BEFA-3382A474E02A&SSPV=

*************************

AdwCleaner[R10].txt - [1183 octets] - [01/06/2014 19:57:21]
AdwCleaner[R11].txt - [1427 octets] - [06/06/2014 15:09:36]
AdwCleaner[S8].txt - [1177 octets] - [01/06/2014 19:58:24]
AdwCleaner[S9].txt - [1351 octets] - [06/06/2014 15:10:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [1411 octets] ##########

--- --- ---
3.JRT
JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Otto on 06.06.2014 at 15:21:51,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Emptied folder: C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\minidumps [72 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2014 at 15:25:24,22
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
4. malwarebytes
[/CODE]
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 06.06.2014
Scan Time: 15:46:32
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Otto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316216
Time Elapsed: 7 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
[/CODE]

M-K-D-B · 06.06.2014, 16:44

Fehlt nur noch Zoek und FRST.

ottoeli · 06.06.2014, 19:16

Hallo,
hier die letzten 2 Berichte.
Mich würde auch interessieren, was hier los ist. Die einzelnen programme etc. sind alle auf dem letzten Stand. Softwaremässig ist alles "geupdatet".
Gruß
ottoeli
1. zoek

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Otto on 06.06.2014 at 19:05:08,94.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Otto\Downloads\zoek(1).exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

06.06.2014 19:06:23 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\js17ulof.default\prefs.js:

Added to C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\js17ulof.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\tqsk4k8t.Andere\prefs.js:

Added to C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\tqsk4k8t.Andere\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ---- 

prefs__1919_.backup

ProfilePath: C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\js17ulof.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1919_.backup

ProfilePath: C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\tqsk4k8t.Andere

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1919_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\eSellerate deleted
C:\Users\Otto\.android deleted
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar deleted
C:\Users\Otto\AppData\Local\adawarebp deleted
C:\Users\Otto\Downloads\DownloadManager_1101a (sony pmb).exe deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- ProfileSwitcher - %ProfilePath%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi

ProfilePath: C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\js17ulof.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- ProfileSwitcher - %ProfilePath%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi

ProfilePath: C:\Users\Otto\AppData\Roaming\Thunderbird\Profiles\tqsk4k8t.Andere
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default
A58DE0A570148AF5FF3512B2A340D09F	- C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll -	Shockwave Flash
785105A23650755A8F7A72405EB0D923	- C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll -	Google Update
14365399E83D7BC15760E8676E890C87	- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
14365399E83D7BC15760E8676E890C87	- C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
2855AB5CC40D03B1F708C088123D2776	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U55
8AD9933DE84627B4BF9CCD1191121240	- C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 7.0.550.13
E30C13DE5E2B96341BD1B0691A9AFB32	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.5
4310CAACD0FF0506C55389F04ED6049F	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.5
08EF980C9444262DB84C5106BCCA990C	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.5
0E56A9CBF2B73E1C3186094C108690CA	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.5
E972DDCDBEFDED34BCB7B2D1035883E5	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.5
01D93217A9EE48DD37072B671378CC9C	- c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll -	Silverlight Plug-In
5B92CB0A3EEE50F6B9AE036B4F9B0F0C	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
209F58DECE7A511BB81A7A172F4346E8	- C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll -	Foxit Reader Plugin for Mozilla
D7EFF0B98C370E03D7E2593399D9B669	- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -	NVIDIA 3D Vision
75A1232EAC640B782CDD2132B5271AA8	- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -	NVIDIA 3D VISION
24E990B1E6D55428001843CF7217DD81	- C:\Program Files\Microsoft\Office Live\npOLW.dll -	Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
28986F0A2342A033345EF9E70D395E4F	- c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll -	Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 16:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 16:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 16:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[22.03.2014 17:22]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11.04.2014 19:46]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 16:49]

Skype Click to Call - Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.ntv.de/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.ntv.de/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Otto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Otto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Otto\AppData\Local\Mozilla\Firefox\Profiles\28129ckv.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=457 folders=41 91436660 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Otto\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Otto\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 06.06.2014 at 19:29:23,08 ======================

2. FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Otto (administrator) on OTTO-PC on 06-06-2014 19:40:02
Running from C:\Users\Otto\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(mst software GmbH, Germany) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Farbar) C:\Users\Otto\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-02] (Logitech Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [SkyDrive] => C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)
HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ntv.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC71B38F30F3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-03]
FF Extension: Adblock Plus - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-15]
FF Extension: ProfileSwitcher - C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\28129ckv.default\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-01-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-18]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-30]
CHR Extension: (Google Drive) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (YouTube) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-31]
CHR Extension: (Google Search) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-30]
CHR Extension: (Safe Money) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-30]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-30]
CHR Extension: (Virtual Keyboard) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-30]
CHR Extension: (Skype Click to Call) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Click&Clean App) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-03-31]
CHR Extension: (Gmail) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR Extension: (Anti-Banner) - C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-30]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-10-25] (Acronis)
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-04] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [20448 2011-03-04] (Logitech Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2009-09-25] (Paragon Software Group)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-03] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2014-01-29] (Audials AG)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-01-29] (RapidSolution Software AG)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-03-15] (Windows (R) 2000 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Otto\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 19:38 - 2014-06-06 19:38 - 01063424 _____ (Farbar) C:\Users\Otto\Downloads\FRST(2).exe
2014-06-06 19:33 - 2014-06-06 19:33 - 00012460 _____ () C:\Users\Otto\Desktop\zoek-results.txt
2014-06-06 19:29 - 2014-06-06 19:29 - 00000000 ____D () C:\Users\Otto\AppData\Local\adawarebp
2014-06-06 19:22 - 2014-06-06 19:40 - 00000000 ____D () C:\Users\Otto\AppData\Local\Temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:05 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-06 19:06 - 2014-06-06 19:29 - 00012460 _____ () C:\zoek-results.log
2014-06-06 19:02 - 2014-06-06 19:02 - 01285120 _____ () C:\Users\Otto\Downloads\zoek(1).exe
2014-06-06 19:01 - 2014-06-06 19:25 - 00000000 ____D () C:\zoek_backup
2014-06-06 19:01 - 2014-06-06 19:01 - 01285120 _____ () C:\Users\Otto\Downloads\zoek.exe
2014-06-06 15:55 - 2014-06-06 15:55 - 00001061 _____ () C:\Users\Otto\Desktop\malwarebytes.txt
2014-06-06 15:45 - 2014-06-06 19:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 15:44 - 2014-06-06 15:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Otto\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-06 15:44 - 2014-06-06 15:44 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-06 15:44 - 2014-06-06 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-06 15:44 - 2014-06-06 15:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-06 15:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-06 15:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-06 15:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-06 15:25 - 2014-06-06 15:42 - 00001099 _____ () C:\Users\Otto\Desktop\JRT.txt
2014-06-06 15:19 - 2014-06-06 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 15:18 - 2014-06-06 15:18 - 01016261 _____ (Thisisu) C:\Users\Otto\Downloads\JRT.exe
2014-06-06 15:12 - 2014-06-06 15:12 - 00001491 _____ () C:\Users\Otto\Desktop\AdwCleaner[S9].txt
2014-06-06 15:09 - 2014-06-06 15:09 - 01333465 _____ () C:\Users\Otto\Downloads\adwcleaner_3.212.exe
2014-06-06 11:49 - 2014-06-06 11:49 - 00015752 _____ () C:\Users\Otto\Desktop\combofix.txt
2014-06-06 09:49 - 2014-06-06 09:49 - 00015752 _____ () C:\ComboFix.txt
2014-06-06 09:32 - 2014-06-06 09:49 - 00000000 ____D () C:\Qoobox
2014-06-06 09:32 - 2014-06-06 09:47 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 09:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-06 09:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-06 09:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-06 09:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-06 09:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-06 09:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-06 09:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-06 09:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-06 09:28 - 2014-06-06 09:28 - 05205146 ____R (Swearware) C:\Users\Otto\Downloads\ComboFix.exe
2014-06-02 12:25 - 2014-06-02 12:27 - 00053365 _____ () C:\Users\Otto\Downloads\Addition.txt
2014-06-02 12:01 - 2014-06-02 12:01 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST(1).exe
2014-06-01 20:04 - 2014-06-06 19:40 - 00018880 _____ () C:\Users\Otto\Downloads\FRST.txt
2014-06-01 20:04 - 2014-06-06 19:40 - 00000000 ____D () C:\FRST
2014-06-01 20:03 - 2014-06-01 20:03 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST.exe
2014-06-01 19:53 - 2014-06-06 19:25 - 00005416 _____ () C:\Windows\PFRO.log
2014-06-01 11:45 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\QuickScan
2014-06-01 11:43 - 2014-06-01 11:43 - 00416576 _____ (Kaspersky Lab) C:\Users\Otto\Downloads\de-de.setup.exe
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\MFAData
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\Avg2014
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 20:03 - 2014-05-29 20:04 - 04424240 _____ (AVG Technologies) C:\Users\Otto\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-29 11:10 - 2014-06-06 19:26 - 00000952 _____ () C:\Windows\setupact.log
2014-05-29 11:10 - 2014-05-29 11:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieUserList
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieSiteList
2014-05-26 15:28 - 2014-05-26 15:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-18 15:29 - 2014-05-18 15:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 10:35 - 2014-05-16 10:35 - 00002187 _____ () C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
2014-05-15 22:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 10:21 - 2014-05-14 10:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 10:18 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:18 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:18 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:16 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 10:16 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 10:16 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:16 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:16 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:16 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 10:16 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:16 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:16 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:16 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 10:16 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:16 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:16 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 10:16 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:15 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-06 19:40 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Otto\AppData\Local\Temp
2014-06-06 19:40 - 2014-06-01 20:04 - 00018880 _____ () C:\Users\Otto\Downloads\FRST.txt
2014-06-06 19:40 - 2014-06-01 20:04 - 00000000 ____D () C:\FRST
2014-06-06 19:38 - 2014-06-06 19:38 - 01063424 _____ (Farbar) C:\Users\Otto\Downloads\FRST(2).exe
2014-06-06 19:36 - 2014-02-03 15:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 19:33 - 2014-06-06 19:33 - 00012460 _____ () C:\Users\Otto\Desktop\zoek-results.txt
2014-06-06 19:33 - 2011-10-25 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 19:33 - 2009-07-14 06:34 - 00014928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:33 - 2009-07-14 06:34 - 00014928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:30 - 2011-10-25 10:00 - 01783975 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 19:29 - 2014-06-06 19:29 - 00000000 ____D () C:\Users\Otto\AppData\Local\adawarebp
2014-06-06 19:29 - 2014-06-06 19:06 - 00012460 _____ () C:\zoek-results.log
2014-06-06 19:29 - 2014-06-06 15:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 19:29 - 2014-02-28 16:06 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-06 19:29 - 2013-01-17 00:25 - 00000000 ___RD () C:\Users\Otto\SkyDrive
2014-06-06 19:29 - 2013-01-16 10:43 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 19:26 - 2014-05-29 11:10 - 00000952 _____ () C:\Windows\setupact.log
2014-06-06 19:26 - 2011-10-25 11:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 19:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 19:25 - 2014-06-06 19:01 - 00000000 ____D () C:\zoek_backup
2014-06-06 19:25 - 2014-06-01 19:53 - 00005416 _____ () C:\Windows\PFRO.log
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 19:22 - 2014-06-06 19:22 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 19:19 - 2014-02-28 16:06 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-06 19:19 - 2011-10-25 10:10 - 00000000 ____D () C:\Users\Otto
2014-06-06 19:15 - 2013-01-16 10:43 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 19:05 - 2014-06-06 19:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-06 19:02 - 2014-06-06 19:02 - 01285120 _____ () C:\Users\Otto\Downloads\zoek(1).exe
2014-06-06 19:01 - 2014-06-06 19:01 - 01285120 _____ () C:\Users\Otto\Downloads\zoek.exe
2014-06-06 15:55 - 2014-06-06 15:55 - 00001061 _____ () C:\Users\Otto\Desktop\malwarebytes.txt
2014-06-06 15:44 - 2014-06-06 15:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Otto\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-06 15:44 - 2014-06-06 15:44 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-06 15:44 - 2014-06-06 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-06 15:44 - 2014-06-06 15:44 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-06 15:44 - 2013-01-17 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 15:42 - 2014-06-06 15:25 - 00001099 _____ () C:\Users\Otto\Desktop\JRT.txt
2014-06-06 15:19 - 2014-06-06 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 15:18 - 2014-06-06 15:18 - 01016261 _____ (Thisisu) C:\Users\Otto\Downloads\JRT.exe
2014-06-06 15:12 - 2014-06-06 15:12 - 00001491 _____ () C:\Users\Otto\Desktop\AdwCleaner[S9].txt
2014-06-06 15:10 - 2014-02-15 14:29 - 00000000 ____D () C:\AdwCleaner
2014-06-06 15:09 - 2014-06-06 15:09 - 01333465 _____ () C:\Users\Otto\Downloads\adwcleaner_3.212.exe
2014-06-06 11:49 - 2014-06-06 11:49 - 00015752 _____ () C:\Users\Otto\Desktop\combofix.txt
2014-06-06 09:49 - 2014-06-06 09:49 - 00015752 _____ () C:\ComboFix.txt
2014-06-06 09:49 - 2014-06-06 09:32 - 00000000 ____D () C:\Qoobox
2014-06-06 09:49 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-06-06 09:49 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-06-06 09:47 - 2014-06-06 09:32 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 09:46 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-06 09:28 - 2014-06-06 09:28 - 05205146 ____R (Swearware) C:\Users\Otto\Downloads\ComboFix.exe
2014-06-06 09:18 - 2014-02-28 15:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-06 09:11 - 2014-02-28 15:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-06 08:50 - 2014-02-03 19:13 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2014-06-02 12:27 - 2014-06-02 12:25 - 00053365 _____ () C:\Users\Otto\Downloads\Addition.txt
2014-06-02 12:01 - 2014-06-02 12:01 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST(1).exe
2014-06-01 20:03 - 2014-06-01 20:03 - 01058304 _____ (Farbar) C:\Users\Otto\Downloads\FRST.exe
2014-06-01 11:45 - 2014-06-01 11:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\QuickScan
2014-06-01 11:43 - 2014-06-01 11:43 - 00416576 _____ (Kaspersky Lab) C:\Users\Otto\Downloads\de-de.setup.exe
2014-06-01 11:20 - 2011-10-25 10:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\MFAData
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\Users\Otto\AppData\Local\Avg2014
2014-05-29 20:04 - 2014-05-29 20:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-29 20:04 - 2014-05-29 20:03 - 04424240 _____ (AVG Technologies) C:\Users\Otto\Downloads\avg_avct_stb_all_2014_4116_cm10.exe
2014-05-29 11:10 - 2014-05-29 11:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-28 19:27 - 2013-01-17 17:45 - 00000000 ____D () C:\Users\Otto\AppData\Roaming\Skype
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieUserList
2014-05-28 15:41 - 2014-05-28 15:41 - 00000000 __SHD () C:\Users\Otto\AppData\Local\EmieSiteList
2014-05-28 11:13 - 2011-10-25 12:14 - 00000000 ____D () C:\Users\Otto\Documents\Steuerfälle
2014-05-26 15:28 - 2014-05-26 15:28 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-26 15:28 - 2014-02-03 15:32 - 00000000 ___RD () C:\Program Files\Skype
2014-05-26 15:28 - 2013-01-17 17:44 - 00000000 ____D () C:\ProgramData\Skype
2014-05-23 14:54 - 2014-03-30 21:34 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 16:45 - 2013-01-16 14:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 15:29 - 2014-05-18 15:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-16 11:45 - 2014-02-13 12:42 - 00002175 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2014-05-16 10:35 - 2014-05-16 10:35 - 00002187 _____ () C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
2014-05-15 12:15 - 2014-02-20 12:33 - 00002194 _____ () C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-14 20:03 - 2011-10-25 12:15 - 00000000 ____D () C:\Users\Otto\Downloads\Desktop hintergrund
2014-05-14 15:56 - 2013-01-15 23:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 14:04 - 2013-01-16 10:38 - 00000000 ____D () C:\Users\Otto\.gimp-2.8
2014-05-14 11:36 - 2014-02-03 15:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 11:36 - 2014-02-03 15:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 11:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 10:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 10:26 - 2014-04-26 16:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 10:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 10:24 - 2014-02-03 12:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:22 - 2011-10-25 10:34 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:21 - 2014-05-14 10:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 10:21 - 2011-10-25 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 07:26 - 2014-06-06 15:44 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-06 15:44 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-06 15:44 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 09:06 - 2014-05-14 10:16 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 10:16 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-06 10:06

==================== End Of Log ============================

--- --- ---

3. FRST addition
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Otto at 2014-06-06 19:40:34
Running from C:\Users\Otto\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acronis*True*Image*Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.2.0 (HKLM\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audials (HKLM\...\{3C07AF26-8705-4DF5-96C7-51432E0C9F03}) (Version: 11.0.51201.100 - Audials AG)
Audials TV (HKLM\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CameraHelperMsi (Version: 13.20.1182.0 - Logitech) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finanzen.net Börsenticker 1.4 (HKLM\...\Finanzen.net Börsenticker 1.4) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotos auf DVD 2013 Deluxe Update (Version: 12.0.3.80 - MAGIX AG) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{98D64F70-1BE2-4E06-A58E-50FF642B3F24}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iClone v4.12 SE (HKLM\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.12.1313.1 - Reallusion Inc.)
InfoBibliothek 2 (HKLM\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.00 - Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.20.1182.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.20.1182.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.20.1182.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
MAGIX 3D Maker (embeded) (HKLM\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX Content und Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Foto Manager 10 (HKLM\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.2.184 - MAGIX AG)
MAGIX Foto Manager 10 (Version: 8.0.2.184 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe (HKLM\...\MAGIX_{4CAD11B3-9066-4106-B7A0-CCFB466DED13}) (Version: 9.0.0.223 - MAGIX AG)
MAGIX Foto Manager MX Deluxe (Version: 9.0.0.223 - MAGIX AG) Hidden
MAGIX Foto Manager MX Deluxe Update (Version: 9.0.2.256 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) (HKLM\...\MAGIX_{1442E56B-CCAD-4F3E-86A5-748CCAAAB143}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) (HKLM\...\MAGIX_{C989667E-9CB4-49EA-BCA8-FECB9B25C8C5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) (HKLM\...\MAGIX_{24109D13-A0E6-460C-99E2-12CA7C09EAA7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Einführungsvideo) (HKLM\...\MAGIX_{36E1BC4D-3596-4989-95AB-176A0389B1A3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Einführungsvideo) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) (HKLM\...\MAGIX_{09431E25-F7CE-488F-9910-9279F00A742A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) (HKLM\...\MAGIX_{35F6D705-750C-4635-AF60-035FAEDA2FC0}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) (HKLM\...\MAGIX_{3DC4C012-CC0A-4663-9F64-1D956F97ADE2}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (HKLM\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.2.78 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) (HKLM\...\MAGIX_{EB13DF91-4D92-43A7-93BC-4D080D2E8227}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) (HKLM\...\MAGIX_{3D8C348D-FE2E-46FA-8899-23B043D673D2}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) (HKLM\...\MAGIX_{56EC4F76-BF2D-476E-947F-DF627EA71630}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) (HKLM\...\MAGIX_{AEF35DCE-5F53-43CF-AA71-6BE270C3AF10}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) (HKLM\...\MAGIX_{897E988E-A520-412B-99B9-3D04904FA6D3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) (HKLM\...\MAGIX_{FBA359C1-5530-45AB-ACA3-56C7693612DA}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) (HKLM\...\MAGIX_{953D4F60-9038-44EB-A867-6DFCDFFB6AA8}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.2.78 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\MAGIX_{455E207E-5625-4D07-A420-CAF153BEC7E9}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition (HKLM\...\MAGIX_{13608872-D05A-43C8-A9A3-F565B504DD61}) (Version: 19.0.3.46 - MAGIX AG)
MAGIX Music Maker Soundtrack Edition (Version: 19.0.3.46 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{AA5D931C-C171-4D07-82B6-C052105F74DC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (HKLM\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Demo) (HKLM\...\MAGIX_{2F2D3D5D-AEBC-4FDA-8348-089A3465B323}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Demo) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Designelemente) (HKLM\...\MAGIX_{432C4A13-0414-4B0C-AB3F-F89B99F453AB}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Filmvorlagen) (HKLM\...\MAGIX_{E586CDBD-B2F6-4AF9-89EA-C206F3A4BD91}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) (HKLM\...\MAGIX_{A2CC226F-19E6-4ECB-B089-5E944E044AF1}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) (HKLM\...\MAGIX_{645130F2-E3A2-4426-9BFD-D5E1691D8FA3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (HKLM\...\MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}) (Version: 12.0.0.32 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) (HKLM\...\MAGIX_{A497603A-4E61-4174-A010-727C479745B3}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) (HKLM\...\MAGIX_{B402AD7F-4F13-432E-B42C-39FA8B2EA215}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) (HKLM\...\MAGIX_{E6B6A382-204E-4115-B276-B866939D1591}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) (HKLM\...\MAGIX_{A92969A9-5595-4919-9D7B-34CE35C7E8EF}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Titeleffekte) (HKLM\...\MAGIX_{539C8989-6AED-480F-AAFF-F66BC420E723}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Tutorials) (HKLM\...\MAGIX_{64E838E5-2817-40B1-852F-E4730EDB039A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Tutorials) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Überblendeffekte) (HKLM\...\MAGIX_{2EFD2A73-A219-44AF-8017-BFBCA4DB455C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2013 Plus (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus (HKLM\...\MAGIX_MSI_Videodeluxe18_plus) (Version: 11.0.0.38 - MAGIX AG)
MAGIX Video deluxe MX Plus (Version: 11.0.0.38 - MAGIX AG) Hidden
MAGIX Video deluxe Plus 2013 Update (Version: 12.0.2.2 - MAGIX AG) Hidden
MAGIX Xtreme Foto Designer 6 (HKLM\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 2 (HKLM\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Flight Simulator X SP2 SDK (HKLM\...\{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
MozBackup 1.4.10 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser und SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NebenkostenAbrechnung (HKLM\...\{90CEF09F-CAB1-4D1C-B3A1-A698C152824E}) (Version: 2.03 - Wolters Kluwer Deutschland GmbH)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ODF Add-In für Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon System Upgrade Utilities™ 2010 (HKLM\...\{E47E6040-9649-11DE-8BF6-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Password Depot 7 (HKLM\...\{500F4898-C705-4B91-9C98-3D125330A022}_is1) (Version: 7.5.5 - AceBIT GmbH)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
proDAD Adorage 3.0 (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.92 - proDAD GmbH)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: 2.6.32 - proDAD GmbH)
QuickConvert Media deLuxe (HKLM\...\{5B5A4F65-E053-4F25-0001-2DAEF860F2F8}) (Version: 1.09.0520 - Franzis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM\...\{6BD66B03-04BE-493A-BE37-E70D9F406F18}) (Version: 9.0 - Star Finanz GmbH)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Vermieter 2011 (HKLM\...\{94E0FA7F-B3CD-4B61-B311-B067C610C10F}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vasco da Gama 5 HDPro (HKLM\...\{067D2172-F8F3-477D-B4EE-0B0AA967D544}) (Version: 5.20.0000 - MotionStudios)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Restore Points  =========================

31-05-2014 16:08:42 Windows Update
06-06-2014 06:50:30 Windows Update
06-06-2014 07:13:50 AA11
06-06-2014 17:06:08 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-06 09:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C2E4AC1-4D6D-47EB-A4B2-083A0217B3BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {224372D6-2290-47B9-8E20-99E98650B35E} - System32\Tasks\{24C717FB-7A4D-49B4-86F0-A35A0E81D23A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar
Task: {24685A8F-8768-41A3-88E7-E78F8FE7ECEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: {74A85FFF-8E95-492D-AF58-56DC04341E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8116361E-B919-40AB-BC04-115790FBE9C6} - System32\Tasks\{AD880A1A-C370-4138-84AB-F09E13D1580A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsProgressBar
Task: {C5E27009-9918-4782-BB3B-A5E3F28C6F28} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {E929D231-524C-4B4B-8A10-506D87B21572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) =============

2013-01-15 15:58 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2011-09-22 22:20 - 2011-09-22 22:20 - 11233136 _____ () C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
2011-03-02 00:14 - 2011-03-02 00:14 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-02 00:14 - 2011-03-02 00:14 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-02 00:15 - 2011-03-02 00:15 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-04-10 01:04 - 2009-04-10 01:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 23:53 - 2009-04-22 23:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2011-01-13 03:55 - 2011-01-13 03:55 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-04 00:17 - 2009-03-04 00:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2011-01-13 03:57 - 2011-01-13 03:57 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-04 00:18 - 2009-03-04 00:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2011-03-04 03:26 - 2011-03-04 03:26 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Otto\Desktop\i.s. Beihilfe.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/06/2014 07:28:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/06/2014 07:28:22 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/06/2014 07:26:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney 9.0 OnlineUpdate erreicht.

Error: (06/06/2014 07:19:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/06/2014 07:19:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/06/2014 07:19:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/06/2014 07:19:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/06/2014 07:19:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/06/2014 06:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/06/2014 06:57:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (03/01/2014 10:55:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-06 10:08:51.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.742
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.732
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.729
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.714
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.712
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 10:08:51.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 3071.3 MB
Available physical RAM: 1991.91 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4150.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:194.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:104.34 GB) (Free:44.58 GB) NTFS
Drive e: (Filme) (Fixed) (Total:251.31 GB) (Free:152.14 GB) NTFS
Drive f: (Musik) (Fixed) (Total:110.1 GB) (Free:73.6 GB) NTFS
Drive g: (Sicherungen) (Fixed) (Total:298.08 GB) (Free:153.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 09DF4E94)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9032FA66)
Partition 1: (Active) - (Size=251 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=110 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: D0FA3D53)
Partition 1: (Not Active) - (Size=298 GB) - (Type=OF Extended)

==================== End Of Log ============================

--- --- ---

M-K-D-B · 07.06.2014, 15:01

Servus,

noch Probleme mit "File Store 72 info" ? Wenn ja, in welchem Browser?

ottoeli · 11.06.2014, 08:22

hallo,
in den letzten Tagen bin ich nicht an den rechner gekommen. Mir scheint jedoch , das es keine probleme mehr gibt. Habe heute keine gehabt.
Dann noch vielen dank für die hilfe
gruß
ottoeli

M-K-D-B · 11.06.2014, 10:56

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 2
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ESET,
die Logdatei von SecurityCheck.

M-K-D-B · 15.06.2014, 08:57

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

05.06.2014, 15:55	#5
M-K-D-B /// TB-Ausbilder	File Store 72 info (Virus?) Ich übe mich in Geduld. Geändert von M-K-D-B (05.06.2014 um 18:05 Uhr)

06.06.2014, 16:44	#9
M-K-D-B /// TB-Ausbilder	File Store 72 info (Virus?) Fehlt nur noch Zoek und FRST.

07.06.2014, 15:01	#11
M-K-D-B /// TB-Ausbilder	File Store 72 info (Virus?) Servus, noch Probleme mit "File Store 72 info" ? Wenn ja, in welchem Browser?

15.06.2014, 08:57	#14
M-K-D-B /// TB-Ausbilder	File Store 72 info (Virus?) Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

File Store 72 info (Virus?)

Plagegeister aller Art und deren Bekämpfung: File Store 72 info (Virus?)