Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avira meldet tr/rogue 11125 gefunden (https://www.trojaner-board.de/144490-avira-meldet-tr-rogue-11125-gefunden.html)

Heinzi1969 13.11.2013 10:31
Avira meldet tr/rogue 11125 gefunden
 
Nachdem der Anhang folgender Mail geöffnet wurde "Fax von 04589016238" gibt Avira folgende Meldung aus:
C:\Users\Henrik\dxdlmemea.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.AI.11125
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55028e14.qua' verschoben!

Nach der Löschung von dxdlmemea.exe taucht diese sofort wieder auf und wird erneut von Avira als fund angezeigt

Hier die Logfiles Defogger Disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:34 on 13/11/2013 (Henrik)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Hier Lofile FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013
Ran by Henrik (administrator) on MED7 on 13-11-2013 09:58:28
Running from C:\Users\Henrik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(T-Com) C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2010-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKLM-x32\...\Run: [StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\app\OflAgent.exe [56976 2013-11-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\OflAgent.exe [48272 2013-10-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {870B18EA-E9E9-42F8-8408-43A3F18C24F4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=06364482-EEB3-4FFE-AE9F-C82853A453F1&apn_sauid=2B533A9E-D1F5-4465-9CEA-D4EC24350DD5
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Giant Savings - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Free Studio) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll (DVDVideoSoft Ltd.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (InoViewer Plugin) - C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
CHR Plugin: (Java(TM) Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Giant Savings) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Henrik\AppData\Local\Giant Savings\Chrome\Giant Savings.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Premium_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
S2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [215040 2013-07-07] (LenovoEMC Ltd.)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                          )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-18] (Duplex Secure Ltd.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 09:58 - 2013-11-13 09:58 - 00026482 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:33 - 2013-11-13 09:33 - 01957610 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 09:14 - 2013-11-13 09:32 - 00000000 ____D C:\Program Files\stinger
2013-11-07 11:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-06 01:49 - 2013-11-06 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 13:01 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-30 11:07 - 2013-10-30 11:11 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:15 - 2013-10-24 11:16 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-23 12:35 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 11:44 - 2013-10-21 11:46 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:42 - 2013-10-21 11:45 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe

==================== One Month Modified Files and Folders =======

2013-11-13 09:58 - 2013-11-13 09:58 - 00026482 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-13 09:58 - 2009-12-17 12:04 - 01988263 _____ C:\Windows\WindowsUpdate.log
2013-11-13 09:58 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-13 09:58 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-13 09:58 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:52 - 2011-01-20 20:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 09:51 - 2011-09-12 17:07 - 00057484 _____ C:\Windows\setupact.log
2013-11-13 09:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 09:39 - 2010-01-04 10:07 - 00000000 ____D C:\ProgramData\Lexware
2013-11-13 09:35 - 2013-01-01 22:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:34 - 2009-12-17 12:05 - 00000000 ____D C:\Users\Henrik
2013-11-13 09:33 - 2013-11-13 09:33 - 01957610 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-13 09:32 - 2013-11-13 09:14 - 00000000 ____D C:\Program Files\stinger
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 09:21 - 2011-01-20 20:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 08:53 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 08:53 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 08:43 - 2012-05-12 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 21:32 - 2009-12-19 10:15 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\UseNeXT
2013-11-12 21:18 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\EJUseNeXT
2013-11-12 20:36 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\Eigene Scans
2013-11-12 20:35 - 2009-12-18 13:34 - 00000000 ____D C:\Users\Henrik\Documents\AExport
2013-11-12 20:33 - 2010-02-01 20:34 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
2013-11-12 18:40 - 2011-08-15 12:20 - 00000000 ____D C:\ProgramData\StarMoney Business 5.0
2013-11-12 09:12 - 2011-08-16 08:21 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition
2013-11-11 16:22 - 2013-03-22 10:10 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition
2013-11-08 10:37 - 2012-01-11 14:15 - 00000000 ____D C:\Users\Public\Documents\SoftPhone
2013-11-08 03:16 - 2011-10-14 02:22 - 00140198 _____ C:\Windows\PFRO.log
2013-11-06 01:50 - 2013-11-06 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 19:28 - 2009-12-18 12:37 - 00000000 ____D C:\Users\Henrik\Documents\1AA Dokumente
2013-11-05 09:49 - 2013-08-12 07:25 - 00000000 ____D C:\Users\Henrik\Documents\Calibre-Bibliothek
2013-11-04 23:56 - 2012-01-19 14:31 - 00003466 _____ C:\Windows\System32\Tasks\Henrik NBAgent 5 4
2013-11-03 18:17 - 2009-12-18 13:37 - 00000000 ____D C:\Users\Henrik\Documents\Privat
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 11:11 - 2013-10-30 11:07 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-30 11:10 - 2013-01-16 11:42 - 00002134 _____ C:\Users\Public\Desktop\Lexware premium.lnk
2013-10-29 08:50 - 2009-12-18 11:04 - 00000000 ____D C:\Users\Henrik\Documents\Daniel
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 20:14 - 2013-07-22 10:44 - 00001849 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\DVDVideoSoft
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 15:11 - 2011-09-02 09:48 - 00000000 ____D C:\Users\Henrik\AppData\Local\FRITZ!
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:15 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-24 11:15 - 2011-12-16 08:59 - 00000000 ____D C:\Program Files (x86)\Iomega Storage Manager
2013-10-24 07:15 - 2013-10-13 12:45 - 00001825 _____ C:\Users\Henrik\Desktop\UseNeXT by Tangysoft.lnk
2013-10-24 07:15 - 2009-12-19 10:15 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-09-26 15:37 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 12:35 - 2010-01-04 10:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 16:42 - 2013-01-01 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-21 16:42 - 2013-01-01 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 16:42 - 2013-01-01 22:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 11:46 - 2013-10-21 11:44 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:45 - 2013-10-21 11:42 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe
2013-10-21 11:32 - 2010-04-12 15:21 - 00000000 ____D C:\Users\Henrik\AppData\Local\Nero
2013-10-17 11:55 - 2009-12-18 12:20 - 00000000 ____D C:\Users\Henrik\Documents\Sonderordner
2013-10-17 02:23 - 2013-01-05 10:26 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\Henrik\dxdlmemea.exe


Some content of TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\1gue3tbn.dll
C:\Users\Henrik\AppData\Local\Temp\ApnStub.exe
C:\Users\Henrik\AppData\Local\Temp\AskSLib.dll
C:\Users\Henrik\AppData\Local\Temp\avgnt.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Henrik\AppData\Local\Temp\repair.exe
C:\Users\Henrik\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henrik\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:05

==================== End Of Log ============================
Hier Logfile Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2013
Ran by Henrik at 2013-11-13 10:00:14
Running from C:\Users\Henrik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
3D-Viewer-innoPlus (x32 Version: 10.00.0119)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x32)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909a (x32 Version: 140.0.000.000)
Aastra 2770ip (x32 Version: 1.0.0.78)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
AirPort (x32 Version: 5.6.1.2)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.14.1.0)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007)
ATI AVIVO64 Codecs (Version: 11.6.0.10126)
ATI Catalyst Install Manager (Version: 3.0.812.0)
Avira Free Antivirus (x32 Version: 14.0.0.411)
AVM FRITZ!fax für FRITZ!Box (x32)
Bing Bar (x32 Version: 7.2.241.0)
Bonjour (Version: 3.0.0.10)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
Bullzip PDF Printer 7.1.0.1080
calibre (x32 Version: 0.9.43)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (x32 Version: 2011.0126.1749.31909)
Catalyst Control Center Localization All (x32 Version: 2011.0126.1749.31909)
CCC Help Chinese Standard (x32 Version: 2011.0126.1748.31909)
CCC Help Chinese Traditional (x32 Version: 2011.0126.1748.31909)
CCC Help Czech (x32 Version: 2011.0126.1748.31909)
CCC Help Danish (x32 Version: 2011.0126.1748.31909)
CCC Help Dutch (x32 Version: 2011.0126.1748.31909)
CCC Help English (x32 Version: 2011.0126.1748.31909)
CCC Help Finnish (x32 Version: 2011.0126.1748.31909)
CCC Help French (x32 Version: 2011.0126.1748.31909)
CCC Help German (x32 Version: 2011.0126.1748.31909)
CCC Help Greek (x32 Version: 2011.0126.1748.31909)
CCC Help Hungarian (x32 Version: 2011.0126.1748.31909)
CCC Help Italian (x32 Version: 2011.0126.1748.31909)
CCC Help Japanese (x32 Version: 2011.0126.1748.31909)
CCC Help Korean (x32 Version: 2011.0126.1748.31909)
CCC Help Norwegian (x32 Version: 2011.0126.1748.31909)
CCC Help Polish (x32 Version: 2011.0126.1748.31909)
CCC Help Portuguese (x32 Version: 2011.0126.1748.31909)
CCC Help Russian (x32 Version: 2011.0126.1748.31909)
CCC Help Spanish (x32 Version: 2011.0126.1748.31909)
CCC Help Swedish (x32 Version: 2011.0126.1748.31909)
CCC Help Thai (x32 Version: 2011.0126.1748.31909)
CCC Help Turkish (x32 Version: 2011.0126.1748.31909)
ccc-core-static (x32 Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCleaner (Version: 3.10)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Corel Shell Extension - 64Bit (Version: 14.0)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2)
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 (x32 Version: 14.2)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (x32)
CorelDRAW(R) Graphics Suite X4 (x32)
CPUID CPU-Z 1.60
CyberLink LabelPrint (x32 Version: 2.5.1720)
CyberLink Power2Go (x32 Version: 6.1.2806)
dakota.ag (x32 Version: 5.2.0.8)
DDBAC (x32 Version: 4.3.66)
Designer 2.0 (x32 Version: 7.9.3)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.213.000)
dm Digi Foto (x32 Version: 2.3.0.93)
dm Fotowelt (x32)
dm-Fotowelt (x32 Version: 5.0.1)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 140.0.100.000)
DVD Shrink 3.2 (x32)
DVDx 4.0 Open Edition (x32 Version: 4.0 (Open Edition))
ELKA CP210x USB Device 0145 (Driver Removal) (x32)
ElsterFormular 2008/2009 (x32 Version: 10.3.2.0)
ElsterFormular-Upgrade (x32 Version: 14.3.11574)
eReg (x32 Version: 1.20.138.34)
Eumex 800 V1.30 (x32 Version: 1.30.0000)
Eumex RNDIS64 Treiber V1.02 (Version: 1.02.0000)
Fax (x32 Version: 140.0.213.000)
Foto Paradies (x32)
fotokasten comfort 5.0 (x32)
Free iPad Video Converter 3.7.2.1 (x32)
Free YouTube to MP3 Converter version 3.12.14.1022 (x32 Version: 3.12.14.1022)
FRITZ!Fernzugang (Version: 1.2.3)
Giant Savings (x32 Version: 1.23.151.151)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google SketchUp 8 (x32 Version: 3.0.14358)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.212.000)
GPL Ghostscript Lite 8.70 (x32)
Hard Disk Low Level Format Tool 2.36 build 1181 (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
HydraVision (x32 Version: 4.2.184.0)
ImagXpress (x32 Version: 7.0.74.0)
InfoTerminal Touch-Client 1v01 (x32)
Intel(R) Network Connections 14.3.100.0 (Version: 14.3.100.0)
Intel® Matrix Storage Manager
Iomega Product Registration (x32 Version: 7.24.0000)
iTunes (Version: 11.1.2.32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Junk Mail filter update (x32 Version: 14.0.8089.726)
LenovoEMC Storage Manager (Version: 1.4.4.14439)
Lexware Elster (x32 Version: 13.15.00.0074)
Lexware financial office premium 2013 (x32 Version: 13.58.00.0384)
Lexware financial office premium Aktualisierung Februar 2010, Version 10.20 (x32 Version: 10.20.00.0023)
Lexware financial office premium Aktualisierung Januar 2010, Version 10.10 (x32 Version: 10.10.00.0040)
Lexware financial office premium Aktualisierung März 2010, Version 10.30 (x32 Version: 10.30.00.0045)
Lexware financial office premium Juli 2010 (x32 Version: 10.50.00.0155)
Lexware financial office premium Servicepack Aktualisierung 2010, Version 10.60 (x32 Version: 10.60.00.0034)
Lexware financial office premium Servicepack Aktualisierung 2010, Version 10.70 (x32 Version: 10.70.00.0053)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware Installations Dienst (x32 Version: 2.00.00.0036)
Lexware lohn+gehalt pro premium Aktualisierung Kassenfusionen Oktober 2010 (x32 Version: 10.71.00.0008)
Lexware online banking (x32 Version: 20.00.00.0059)
Lexware premium 2013 (x32 Version: 13.00.00.0107)
Lexware premium Datenbank 2013 (x32 Version: 13.26.00.0074)
Logitech SetPoint 6.32 (Version: 6.32.20)
Lumac (x32 Version: 1.1.75.0)
MarketResearch (x32 Version: 140.0.214.000)
Media Go (x32 Version: 2.5.299)
Media Go Video Playback Engine 1.120.101.05010 (x32 Version: 1.120.101.05010)
Mein CEWE FOTOBUCH (x32 Version: 4.8.6)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Outlook-Sicherung für Persönliche Ordner (x32 Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MPM (x32 Version: 1.00.0000)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
MyPhoneExplorer (x32 Version: 1.8.4)
Nero 10 ClipartPack (x32 Version: 10.6.10000.11.0)
Nero 10 Kwik Themes 1 (x32 Version: 10.6.10000.1.0)
Nero 10 Kwik Themes 2 (x32 Version: 10.6.10000.2.0)
Nero 10 Kwik Themes 3 (x32 Version: 10.6.10000.1.0)
Nero 10 Kwik Themes 4 (x32 Version: 10.6.10000.1.0)
Nero 10 Menu TemplatePack 1 (x32 Version: 10.6.10000.0.0)
Nero 10 Menu TemplatePack 2 (x32 Version: 10.6.10000.0.0)
Nero 10 Menu TemplatePack 3 (x32 Version: 10.6.10000.1.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero 10 PiP EffectPack 1 (x32 Version: 10.6.10000.0.0)
Nero 10 Sample ImagePack (x32 Version: 10.6.10000.11.0)
Nero 10 Sample Videos (x32 Version: 10.6.10000.11.0)
Nero 10 Video TransitionPack 1 (x32 Version: 10.6.10000.0.0)
Nero BackItUp 10 (x32 Version: 5.8.10400.4.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10600)
Nero Burning ROM 10 (x32 Version: 10.6.10600.4.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.6.10600)
Nero BurnRights 10 (x32 Version: 4.4.10300.1.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10600)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Core Components 10 (x32 Version: 2.0.19800.9.10)
Nero CoverDesigner 10 (x32 Version: 5.6.10500.3.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.6.10600)
Nero DiscSpeed 10 (x32 Version: 6.4.10400.0.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10600)
Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10)
Nero Express 10 (x32 Version: 10.6.10600.4.100)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10600)
Nero InfoTool 10 (x32 Version: 7.4.10200.0.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10600)
Nero Kwik Media (x32 Version: 1.6.16800.75.100)
Nero Multimedia Suite 10 Platinum HD (x32 Version: 10.6.11800)
Nero Recode 10 (x32 Version: 4.10.10600.4.100)
Nero Recode 10 Help (CHM) (x32 Version: 10.6.10600)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700)
Nero SoundTrax 10 (x32 Version: 4.10.10300.2.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 10.6.10600)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10600)
Nero Update (x32 Version: 11.0.10022.15.0)
Nero Vision 10 (x32 Version: 7.4.10800.7.100)
Nero Vision 10 Help (CHM) (x32 Version: 10.6.10600)
Nero WaveEditor 10 (x32 Version: 5.10.10400.3.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.6.10600)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10700)
neroxml (x32 Version: 1.0.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
NVIDIA PhysX (x32 Version: 9.09.0428)
NWZ-W270 WALKMAN Guide (x32 Version: 2.2.0.11162)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OGA Notifier 2.0.0048.0 (x32 Version: 2.0.0048.0)
PC Connectivity Solution (x32 Version: 10.6.2.0)
PlayStation(R)Store (x32 Version: 4.16.2.15545)
ProductContext (x32 Version: 140.0.000.000)
QuickTime (x32 Version: 7.74.80.86)
ratDVD 0.78.1444 (x32 Version: 0.78.1444)
Ravensburger tiptoi (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898)
RENESIS® Player Browser Plugins (x32 Version: 1.1.1)
Samsung Kies (x32 Version: 2.2.0.12014_18)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Scan (x32 Version: 140.0.167.000)
Secure Eraser (x32 Version: 4.1.0.3)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
SpeedFan (remove only) (x32)
StarMoney (x32 Version: 2.0)
StarMoney (x32 Version: 3.0.0.124)
StarMoney (x32 Version: 4.0.0.203)
StarMoney Business 4.0 Deutsche Bank Edition (x32 Version: 4.0)
StarMoney Business 5.0 Deutsche Bank Edition (x32 Version: 5.0)
StarMoney Business 6.0 Deutsche Bank Edition (x32 Version: 6.0)
Status (x32 Version: 140.0.256.000)
Stellarium 0.10.2 (x32)
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (x32 Version: v2012.build.53)
sv.net (x32 Version: 10.1)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.213.000)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UseNeXT by Tangysoft (x32)
Video Converter (HKCU)
Video Converter Packages (HKCU)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
VLC media player 2.1.0 (x32 Version: 2.1.0)
WebReg (x32 Version: 140.0.213.017)
Windows Home Server Toolkit 1.1 (Version: 6.0.1800.0)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (Version: 06/30/2010 6.0.6000.16384)
WinRAR
WMV9/VC-1 Video Playback (Version: 1.00.0000)
YTD Video Downloader 3.9.6 (x32 Version: 3.9.6)

==================== Restore Points  =========================

05-11-2013 23:00:01 Geplanter Prüfpunkt
08-11-2013 02:00:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2011-10-18 09:16 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0084008D-C71D-4B2D-9877-C020F385442A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21] (Adobe Systems Incorporated)
Task: {271AA180-FDD9-44BB-A6DE-448A50D4C63F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A967602-2609-42EE-ADEA-ECE41463D859} - System32\Tasks\Henrik => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-04-08] (Nero AG)
Task: {3686B905-E334-4897-BC4F-FF704154B99E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {42F16ACD-58BB-4DA8-BC13-A75ACDAD5CEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {50AD7194-77D1-4DC2-B1E7-F8330F6DFF59} - System32\Tasks\Henrik NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {8ABF23E1-6C65-4ACF-BD03-636E796917EE} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe
Task: {A8FCC7F2-8B53-4E35-870A-8363114A40A1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C67058E4-7C99-4BC4-8C92-05A30E7CB46E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] ()
Task: {C9B34855-92AB-40E2-B946-82A689FD1D26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {D05FF259-21A1-4F63-98E5-6B0F63F9084D} - System32\Tasks\Henrik - Kopieren => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-04-08] (Nero AG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 12:34 - 2009-12-12 15:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-12-27 20:28 - 2012-09-07 16:57 - 00559424 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-10-30 13:01 - 2013-10-10 19:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-11 04:45 - 2009-10-06 14:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\PATCHW32.dll
2013-02-06 15:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\PATCHW32.dll
2013-10-15 09:21 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\PATCHW32.dll
2013-11-06 01:49 - 2013-11-06 01:50 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:E7465851

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2013 08:38:54 AM) (Source: Application Hang) (User: )
Description: Programm avscan.exe, Version 14.0.0.383 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9bc

Startzeit: 01cee03acfb93cf2

Endzeit: 8252

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 963b73ed-4c36-11e3-9857-000000e50e00

Error: (11/13/2013 08:27:36 AM) (Source: Application Hang) (User: )
Description: Programm Framework.exe, Version 13.51.0.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1658

Startzeit: 01cee04158ffc1b6

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Lexware\premium\2013\Framework.exe

Berichts-ID:

Error: (11/13/2013 08:19:55 AM) (Source: Application Hang) (User: )
Description: Programm Framework.exe, Version 13.51.0.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d20

Startzeit: 01cee03f88ed2dd2

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Lexware\premium\2013\Framework.exe

Berichts-ID:

Error: (11/06/2013 09:18:53 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(8c:fa:ba:a2:28:15@fe80::8efa:baff:fea2:2815._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/05/2013 00:18:02 AM) (Source: Application Hang) (User: )
Description: Programm WINWORD.EXE, Version 12.0.6683.5002 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fe4

Startzeit: 01ced980bec34cff

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Berichts-ID: 4ed0f6fe-45a7-11e3-ac62-000000c10300

Error: (11/05/2013 00:15:25 AM) (Source: Application Hang) (User: )
Description: Programm Framework.exe, Version 13.51.0.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 204

Startzeit: 01ced5595cbb5f64

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Lexware\premium\2013\Framework.exe

Berichts-ID:

Error: (11/04/2013 11:56:20 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154, Klasse nicht registriert
.


Vorgang:
  VSS-Server wird instanziiert

Error: (11/04/2013 11:56:20 PM) (Source: VSS) (User: )
Description: Fehler im Volumenschattenkopie-Dienst: Eine vom Volumenschattenkopie-Dienst benötigte kritische Komponente ist nicht registriert.
Dies kann geschehen, wenn bei der Windows-Installation oder bei der Installation eines Schattenkopieanbieters ein Fehler aufgetreten ist.
Der von CoCreateInstance für die Klasse mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" zurückgegebene Fehler ist [0x80040154, Klasse nicht registriert
].


Vorgang:
  VSS-Server wird instanziiert

Error: (11/04/2013 06:26:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6683.5002, Zeitstempel: 0x520bb457
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000004
ID des fehlerhaften Prozesses: 0x1fe4
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (10/30/2013 07:56:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: NPSWF32_11_9_900_117.dll, Version: 11.9.900.117, Zeitstempel: 0x5244d60c
Ausnahmecode: 0x80000003
Fehleroffset: 0x00345b8d
ID des fehlerhaften Prozesses: 0xf88
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (11/13/2013 09:55:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/13/2013 09:55:09 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (11/13/2013 09:52:41 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AVM FRITZ!Fernzugang Client erreicht.

Error: (11/13/2013 09:14:53 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/13/2013 09:14:53 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/13/2013 09:14:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/13/2013 09:14:53 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/13/2013 08:44:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AVM FRITZ!Fernzugang Client erreicht.

Error: (11/06/2013 10:45:52 AM) (Source: DCOM) (User: )
Description: {877A5D52-5F6F-4175-907D-A6AC4E8F1171}

Error: (11/06/2013 09:18:02 AM) (Source: DCOM) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}


Microsoft Office Sessions:
=========================
Error: (10/17/2013 06:22:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1376 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/30/2013 03:06:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/01/2013 09:37:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/14/2013 09:08:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9711 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/05/2013 06:18:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 467114 seconds with 12840 seconds of active time.  This session ended with a crash.

Error: (02/17/2013 06:26:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/06/2013 02:17:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 277146 seconds with 7260 seconds of active time.  This session ended with a crash.

Error: (12/07/2012 11:19:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 698550 seconds with 18840 seconds of active time.  This session ended with a crash.

Error: (11/12/2012 09:40:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 789 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/14/2012 09:23:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-06-19 13:29:52.251
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:52.123
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:49.579
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:49.454
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:47.090
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:46.967
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:44.799
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sy_" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:44.676
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:42.207
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-19 13:29:42.081
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 12279.18 MB
Available physical RAM: 9314.63 MB
Total Pagefile: 24556.53 MB
Available Pagefile: 21466.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:905.41 GB) (Free:135.92 GB) NTFS
Drive d: (Recover) (Fixed) (Total:25 GB) (Free:16.06 GB) NTFS
Drive u: (Backups) (Network) (Total:911.04 GB) (Free:475.24 GB) NTFS
Drive y: (Backups) (Network) (Total:2733.18 GB) (Free:1914.2 GB) NTFS
Drive z: (Movies) (Network) (Total:2733.18 GB) (Free:1914.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 7BBFE4BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
Hier Lofile Gmer

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-13 10:14:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Henrik\AppData\Local\Temp\fgtdypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe[1800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe[1800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2532] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                              0000000077a9000c 1 byte [C3]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2532] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                        0000000077b1f8ea 5 bytes JMP 0000000177acd5c1
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a51465 2 bytes [A5, 77]
.text  C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a514bb 2 bytes [A5, 77]
.text  ...                                                                                                                                                                    * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                  0xA0 0x92 0xFC 0xC8 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0xB4 0xB0 0x22 0xC6 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                    0x59 0x86 0x7B 0x8B ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                        C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                        0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                        0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                      0xA0 0x92 0xFC 0xC8 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                            0xB4 0xB0 0x22 0xC6 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                        0x59 0x86 0x7B 0x8B ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 13.11.2013 10:37
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Heinzi1969 13.11.2013 11:23
Hier der Log. Vorab schon mal Dank für die schnelle Reaktion

Code:
ComboFix 13-11-12.01 - Henrik 13.11.2013  10:57:15.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.12279.9760 [GMT 1:00]
ausgeführt von:: c:\users\Henrik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Giant Savings\GiANt savings.dll
c:\programdata\CBFB9419BB.sys
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\3
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\4
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\background.html
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\crossriderManifest.json
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\icons\actions\1.png
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\icons\icon128.png
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\icons\icon16.png
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\icons\icon48.png
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\api\chrome.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\api\cookie.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\api\message.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\background.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\app_api.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\async_api.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\bg_app_api.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\cookie_store.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\data_store.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\delegate.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\events.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\onBGDocumentLoad.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\reports.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\js\lib\util.js
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\manifest.json
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.44_4\popup.html
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage-journal
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage
c:\users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Henrik\GoToAssistDownloadHelper.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-13 bis 2013-11-13  ))))))))))))))))))))))))))))))
.
.
2013-11-13 10:16 . 2013-11-13 10:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-13 08:57 . 2013-11-13 08:57        --------        d-----w-        C:\FRST
2013-11-13 08:14 . 2013-11-13 08:32        --------        d-----w-        c:\program files\stinger
2013-11-07 10:01 . 2013-09-04 12:12        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-11-07 10:01 . 2013-09-04 12:11        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-11-07 10:01 . 2013-09-04 12:11        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-11-07 10:01 . 2013-09-04 12:11        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-11-07 10:01 . 2013-09-04 12:11        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-11-07 10:01 . 2013-09-04 12:11        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-11-07 10:01 . 2013-09-04 12:11        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-10-30 12:06 . 2013-10-30 12:06        --------        d-----w-        c:\users\Henrik\AppData\Roaming\Avira
2013-10-30 12:01 . 2013-10-10 18:14        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-10-30 12:01 . 2013-10-10 18:14        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-10-30 12:01 . 2013-10-10 18:14        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-10-30 12:01 . 2013-10-10 18:14        105856        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-10-30 12:01 . 2013-10-30 12:01        --------        d-----w-        c:\programdata\Avira
2013-10-30 12:01 . 2013-10-30 12:01        --------        d-----w-        c:\program files (x86)\Avira
2013-10-29 11:47 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CE985BA-A7D8-4EB2-B118-4E6DB4F7FCA0}\mpengine.dll
2013-10-27 19:14 . 2013-10-27 19:14        --------        d-----w-        c:\program files (x86)\Sony Media Go Install
2013-10-27 16:53 . 2013-10-27 16:53        --------        d-----w-        c:\users\Henrik\AppData\Local\Programs
2013-10-25 08:16 . 2013-10-25 08:16        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 08:16 . 2013-10-25 08:16        --------        d-----w-        c:\program files\iTunes
2013-10-25 08:16 . 2013-10-25 08:16        --------        d-----w-        c:\program files (x86)\iTunes
2013-10-25 08:16 . 2013-10-25 08:16        --------        d-----w-        c:\program files\iPod
2013-10-24 10:16 . 2013-10-24 10:16        --------        d-----w-        c:\users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 10:16 . 2013-10-24 10:16        --------        d-----w-        c:\programdata\LenovoEMCStorageManager
2013-10-24 10:15 . 2013-10-24 10:16        --------        d-----w-        c:\program files (x86)\LenovoEMC Storage Manager
2013-10-23 11:35 . 2013-10-08 05:50        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-12 19:33 . 2010-02-01 19:34        2516        --sha-w-        c:\programdata\KGyGaAvL.sys
2013-10-21 15:42 . 2013-01-01 21:36        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 01:04 . 2009-10-28 09:54        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-12 01:12        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-12 01:12        2876928        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-12 01:12        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-12 01:12        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-12 01:12        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-12 01:12        2241024        ----a-w-        c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-12 01:12        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-12 01:12        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-12 01:12        19252224        ----a-w-        c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-12 01:12        855552        ----a-w-        c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-12 01:12        3959296        ----a-w-        c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-12 01:12        53248        ----a-w-        c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-12 01:12        526336        ----a-w-        c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-12 01:12        67072        ----a-w-        c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-12 01:12        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-12 01:12        2647552        ----a-w-        c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-12 01:12        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-12 01:12        15404544        ----a-w-        c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-12 01:12        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-12 01:12        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-12 01:12        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-12 01:12        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-11 10:03        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-11 10:03        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 10:03        327168        ----a-w-        c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 10:03        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll
2013-09-03 12:35 . 2009-10-28 09:53        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-30 13:30 . 2013-08-30 13:30        4959800        ----a-w-        c:\windows\SysWow64\LxXtreme110.dll
2013-08-30 13:30 . 2013-08-30 13:30        26168        ----a-w-        c:\windows\SysWow64\LxTPSW100.dll
2013-08-30 13:30 . 2013-08-30 13:30        104504        ----a-w-        c:\windows\SysWow64\LxUISettingsN100.dll
2013-08-30 13:30 . 2013-08-30 13:30        1362488        ----a-w-        c:\windows\SysWow64\LxTool111.dll
2013-08-30 13:30 . 2013-08-30 13:30        63544        ----a-w-        c:\windows\SysWow64\LxPXTree100.dll
2013-08-30 13:30 . 2013-08-30 13:30        127544        ----a-w-        c:\windows\SysWow64\LxMail100.dll
2013-08-30 13:30 . 2013-08-30 13:30        49720        ----a-w-        c:\windows\SysWow64\LXCurr100.dll
2013-08-30 13:30 . 2013-08-30 13:30        68152        ----a-w-        c:\windows\SysWow64\LxCI12.dll
2013-08-30 13:30 . 2013-08-30 13:30        207928        ----a-w-        c:\windows\SysWow64\LxBasics100.dll
2013-08-29 02:17 . 2013-10-11 10:03        5549504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 10:02        1732032        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 10:02        243712        ----a-w-        c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 10:02        859648        ----a-w-        c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 10:03        878080        ----a-w-        c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 10:02        3969472        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 10:02        3914176        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 10:02        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 10:02        1292192        ----a-w-        c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 10:02        619520        ----a-w-        c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 10:02        640512        ----a-w-        c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 10:02        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 10:02        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 10:02        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 10:02        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 10:02        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 10:03        3155968        ----a-w-        c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 10:02        461312        ----a-w-        c:\windows\system32\scavengeui.dll
2013-08-20 05:02 . 2013-08-20 05:02        204568        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2013-08-20 05:02 . 2013-08-20 05:02        103576        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2006-05-03 10:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 00:46        1451680        ----a-w-        c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-10-22 19:18        277560        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-23 1106288]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\app\oflagent.exe" [2011-09-22 57864]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SMB50StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\app\oflagent.exe" [2013-11-06 56976]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"SMB60StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\oflagent.exe" [2013-10-18 48272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ControlCenter.lnk - c:\program files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe [2007-2-9 221184]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
LenovoEMC Storage Manager.lnk - c:\program files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe -s [2013-7-7 2542432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IAMTVE;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys;c:\windows\SYSNATIVE\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Lexware Installations Dienst;Lexware Installations Dienst;c:\program files (x86)\lexware\installer service\LxInstallerService.exe;c:\program files (x86)\lexware\installer service\LxInstallerService.exe [x]
S2 Lexware_Premium_Datenbank;Lexware Premium Datenbank;c:\program files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe;c:\program files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x]
S2 PCloudd;PCloudd;c:\program files (x86)\LenovoEMC Storage Manager\pCloudd.exe;c:\program files (x86)\LenovoEMC Storage Manager\pCloudd.exe [x]
S2 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney Business 5.0 OnlineUpdate;StarMoney Business 5.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney Business 6.0 OnlineUpdate;StarMoney Business 6.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys;c:\windows\SYSNATIVE\DRIVERS\BackupReader.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys;c:\windows\SYSNATIVE\DRIVERS\vNICdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 01:22        1185744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 15:42]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 19:07]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-10-22 19:18        336952        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-07-02 170496]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Henrik\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: norisbank.de
TCP: DhcpNameServer = 192.168.2.1
DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
FF - ProfilePath - c:\users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - ExtSQL: !HIDDEN! 2010-08-30 12:07; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011441179} - c:\program files (x86)\Giant Savings\Giant Savings.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ELKACOMM&135E&0145 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\ELKACOMM&135E&0145
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-Video Converter - c:\program files (x86)\VideoConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ >*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-13  11:20:50
ComboFix-quarantined-files.txt  2013-11-13 10:20
.
Vor Suchlauf: 11 Verzeichnis(se), 146.079.330.304 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 154.686.775.296 Bytes frei
.
- - End Of File - - 3453E941326732A801C5870B38329DC7
C79B30CB8852157F6F908E4698CFE0D0

schrauber 13.11.2013 16:09
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Heinzi1969 14.11.2013 10:40
So alles erledigt

Hier die Log MBAM
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Henrik :: MED7 [Administrator]

14.11.2013 09:30:18
mbam-log-2013-11-14 (09-30-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220718
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0004479.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0004479.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: zwyE1P1J1Y1T1G0Z0N -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Daten: Giant Savings -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Giant Savings (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 7
C:\Program Files (x86)\Giant Savings\Giant Savings.ico (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\ButtonUtil.dll (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\Giant Savings-bg.exe (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\Giant Savings.exe (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\Giant Savings.ini (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\Giant SavingsInstaller.log (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Giant Savings\Uninstall.exe (PUP.Optional.GiantSavings.A) -> Keine Aktion durchgeführt.

(Ende)
Hier die LOG ADW

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Henrik (administrator) on MED7 on 14-11-2013 10:32:21
Running from C:\Users\Henrik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(T-Com) C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2010-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKLM-x32\...\Run: [StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\app\OflAgent.exe [56976 2013-11-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\OflAgent.exe [48272 2013-10-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Premium_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [215040 2013-07-07] (LenovoEMC Ltd.)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                          )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-18] (Duplex Secure Ltd.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:39 - 2013-11-14 09:53 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 10:54 - 2013-11-13 11:20 - 00000000 ____D C:\Qoobox
2013-11-13 10:54 - 2013-11-13 11:19 - 00000000 ____D C:\Windows\erdnt
2013-11-13 10:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-13 10:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-13 10:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:00 - 2013-11-13 10:01 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:58 - 2013-11-14 10:32 - 00021473 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 09:14 - 2013-11-13 09:32 - 00000000 ____D C:\Program Files\stinger
2013-11-07 11:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-06 01:49 - 2013-11-06 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 13:01 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-30 11:07 - 2013-10-30 11:11 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:15 - 2013-10-24 11:16 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-23 12:35 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 11:44 - 2013-10-21 11:46 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:42 - 2013-10-21 11:45 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe

==================== One Month Modified Files and Folders =======

2013-11-14 10:32 - 2013-11-13 09:58 - 00021473 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:21 - 2011-01-20 20:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 10:04 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 10:04 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 10:00 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-14 10:00 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-14 10:00 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:57 - 2011-01-20 20:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 09:55 - 2011-09-12 17:07 - 00057652 _____ C:\Windows\setupact.log
2013-11-14 09:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 09:54 - 2009-12-17 12:04 - 01487631 _____ C:\Windows\WindowsUpdate.log
2013-11-14 09:53 - 2013-11-14 09:39 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:35 - 2013-01-01 22:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-13 15:21 - 2009-12-17 12:05 - 00000000 ____D C:\Users\Henrik
2013-11-13 13:24 - 2013-01-05 10:26 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 11:25 - 2011-10-14 02:22 - 00140756 _____ C:\Windows\PFRO.log
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 11:20 - 2013-11-13 10:54 - 00000000 ____D C:\Qoobox
2013-11-13 11:19 - 2013-11-13 10:54 - 00000000 ____D C:\Windows\erdnt
2013-11-13 11:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:46 - 2011-12-20 10:09 - 674098613 _____ C:\Windows\MEMORY.DMP
2013-11-13 10:46 - 2011-02-25 09:41 - 00000000 ____D C:\Windows\Minidump
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:01 - 2013-11-13 10:00 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:39 - 2010-01-04 10:07 - 00000000 ____D C:\ProgramData\Lexware
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:32 - 2013-11-13 09:14 - 00000000 ____D C:\Program Files\stinger
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 08:43 - 2012-05-12 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 21:32 - 2009-12-19 10:15 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\UseNeXT
2013-11-12 21:18 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\EJUseNeXT
2013-11-12 20:36 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\Eigene Scans
2013-11-12 20:35 - 2009-12-18 13:34 - 00000000 ____D C:\Users\Henrik\Documents\AExport
2013-11-12 20:33 - 2010-02-01 20:34 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
2013-11-12 18:40 - 2011-08-15 12:20 - 00000000 ____D C:\ProgramData\StarMoney Business 5.0
2013-11-12 09:12 - 2011-08-16 08:21 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition
2013-11-11 16:22 - 2013-03-22 10:10 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition
2013-11-08 10:37 - 2012-01-11 14:15 - 00000000 ____D C:\Users\Public\Documents\SoftPhone
2013-11-06 01:50 - 2013-11-06 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 19:28 - 2009-12-18 12:37 - 00000000 ____D C:\Users\Henrik\Documents\1AA Dokumente
2013-11-05 09:49 - 2013-08-12 07:25 - 00000000 ____D C:\Users\Henrik\Documents\Calibre-Bibliothek
2013-11-04 23:56 - 2012-01-19 14:31 - 00003466 _____ C:\Windows\System32\Tasks\Henrik NBAgent 5 4
2013-11-03 18:17 - 2009-12-18 13:37 - 00000000 ____D C:\Users\Henrik\Documents\Privat
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 11:11 - 2013-10-30 11:07 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-30 11:10 - 2013-01-16 11:42 - 00002134 _____ C:\Users\Public\Desktop\Lexware premium.lnk
2013-10-29 08:50 - 2009-12-18 11:04 - 00000000 ____D C:\Users\Henrik\Documents\Daniel
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 20:14 - 2013-07-22 10:44 - 00001849 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\DVDVideoSoft
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 15:11 - 2011-09-02 09:48 - 00000000 ____D C:\Users\Henrik\AppData\Local\FRITZ!
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:15 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-24 11:15 - 2011-12-16 08:59 - 00000000 ____D C:\Program Files (x86)\Iomega Storage Manager
2013-10-24 07:15 - 2013-10-13 12:45 - 00001825 _____ C:\Users\Henrik\Desktop\UseNeXT by Tangysoft.lnk
2013-10-24 07:15 - 2009-12-19 10:15 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-09-26 15:37 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 12:35 - 2010-01-04 10:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 16:42 - 2013-01-01 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 16:42 - 2013-01-01 22:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 11:46 - 2013-10-21 11:44 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:45 - 2013-10-21 11:42 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe
2013-10-21 11:32 - 2010-04-12 15:21 - 00000000 ____D C:\Users\Henrik\AppData\Local\Nero
2013-10-17 11:55 - 2009-12-18 12:20 - 00000000 ____D C:\Users\Henrik\Documents\Sonderordner

Some content of TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\avgnt.exe
C:\Users\Henrik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:05

==================== End Of Log ============================
--- --- ---

--- --- ---


LOG JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Henrik on 14.11.2013 at  9:59:50,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{870B18EA-E9E9-42F8-8408-43A3F18C24F4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\Henrik\AppData\Roaming\mozilla\firefox\profiles\r56kwft5.default\minidumps [116 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 10:04:31,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOG FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Henrik (administrator) on MED7 on 14-11-2013 10:32:21
Running from C:\Users\Henrik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(T-Com) C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2010-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKLM-x32\...\Run: [StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\app\OflAgent.exe [56976 2013-11-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\OflAgent.exe [48272 2013-10-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Premium_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [215040 2013-07-07] (LenovoEMC Ltd.)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                          )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-18] (Duplex Secure Ltd.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:39 - 2013-11-14 09:53 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 10:54 - 2013-11-13 11:20 - 00000000 ____D C:\Qoobox
2013-11-13 10:54 - 2013-11-13 11:19 - 00000000 ____D C:\Windows\erdnt
2013-11-13 10:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-13 10:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-13 10:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:00 - 2013-11-13 10:01 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:58 - 2013-11-14 10:32 - 00021473 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 09:14 - 2013-11-13 09:32 - 00000000 ____D C:\Program Files\stinger
2013-11-07 11:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-06 01:49 - 2013-11-06 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 13:01 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-30 11:07 - 2013-10-30 11:11 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:15 - 2013-10-24 11:16 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-23 12:35 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 11:44 - 2013-10-21 11:46 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:42 - 2013-10-21 11:45 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe

==================== One Month Modified Files and Folders =======

2013-11-14 10:32 - 2013-11-13 09:58 - 00021473 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:21 - 2011-01-20 20:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 10:04 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 10:04 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 10:00 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-14 10:00 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-14 10:00 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:57 - 2011-01-20 20:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 09:55 - 2011-09-12 17:07 - 00057652 _____ C:\Windows\setupact.log
2013-11-14 09:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 09:54 - 2009-12-17 12:04 - 01487631 _____ C:\Windows\WindowsUpdate.log
2013-11-14 09:53 - 2013-11-14 09:39 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:35 - 2013-01-01 22:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-13 15:21 - 2009-12-17 12:05 - 00000000 ____D C:\Users\Henrik
2013-11-13 13:24 - 2013-01-05 10:26 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 11:25 - 2011-10-14 02:22 - 00140756 _____ C:\Windows\PFRO.log
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 11:20 - 2013-11-13 10:54 - 00000000 ____D C:\Qoobox
2013-11-13 11:19 - 2013-11-13 10:54 - 00000000 ____D C:\Windows\erdnt
2013-11-13 11:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:46 - 2011-12-20 10:09 - 674098613 _____ C:\Windows\MEMORY.DMP
2013-11-13 10:46 - 2011-02-25 09:41 - 00000000 ____D C:\Windows\Minidump
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:01 - 2013-11-13 10:00 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:39 - 2010-01-04 10:07 - 00000000 ____D C:\ProgramData\Lexware
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:32 - 2013-11-13 09:14 - 00000000 ____D C:\Program Files\stinger
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 08:43 - 2012-05-12 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 21:32 - 2009-12-19 10:15 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\UseNeXT
2013-11-12 21:18 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\EJUseNeXT
2013-11-12 20:36 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\Eigene Scans
2013-11-12 20:35 - 2009-12-18 13:34 - 00000000 ____D C:\Users\Henrik\Documents\AExport
2013-11-12 20:33 - 2010-02-01 20:34 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
2013-11-12 18:40 - 2011-08-15 12:20 - 00000000 ____D C:\ProgramData\StarMoney Business 5.0
2013-11-12 09:12 - 2011-08-16 08:21 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition
2013-11-11 16:22 - 2013-03-22 10:10 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition
2013-11-08 10:37 - 2012-01-11 14:15 - 00000000 ____D C:\Users\Public\Documents\SoftPhone
2013-11-06 01:50 - 2013-11-06 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 19:28 - 2009-12-18 12:37 - 00000000 ____D C:\Users\Henrik\Documents\1AA Dokumente
2013-11-05 09:49 - 2013-08-12 07:25 - 00000000 ____D C:\Users\Henrik\Documents\Calibre-Bibliothek
2013-11-04 23:56 - 2012-01-19 14:31 - 00003466 _____ C:\Windows\System32\Tasks\Henrik NBAgent 5 4
2013-11-03 18:17 - 2009-12-18 13:37 - 00000000 ____D C:\Users\Henrik\Documents\Privat
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 11:11 - 2013-10-30 11:07 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-30 11:10 - 2013-01-16 11:42 - 00002134 _____ C:\Users\Public\Desktop\Lexware premium.lnk
2013-10-29 08:50 - 2009-12-18 11:04 - 00000000 ____D C:\Users\Henrik\Documents\Daniel
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 20:14 - 2013-07-22 10:44 - 00001849 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\DVDVideoSoft
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 15:11 - 2011-09-02 09:48 - 00000000 ____D C:\Users\Henrik\AppData\Local\FRITZ!
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:15 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-24 11:15 - 2011-12-16 08:59 - 00000000 ____D C:\Program Files (x86)\Iomega Storage Manager
2013-10-24 07:15 - 2013-10-13 12:45 - 00001825 _____ C:\Users\Henrik\Desktop\UseNeXT by Tangysoft.lnk
2013-10-24 07:15 - 2009-12-19 10:15 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-09-26 15:37 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 12:35 - 2010-01-04 10:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 16:42 - 2013-01-01 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 16:42 - 2013-01-01 22:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 11:46 - 2013-10-21 11:44 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:45 - 2013-10-21 11:42 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe
2013-10-21 11:32 - 2010-04-12 15:21 - 00000000 ____D C:\Users\Henrik\AppData\Local\Nero
2013-10-17 11:55 - 2009-12-18 12:20 - 00000000 ____D C:\Users\Henrik\Documents\Sonderordner

Some content of TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\avgnt.exe
C:\Users\Henrik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:05

==================== End Of Log ============================
--- --- ---

--- --- ---


Sorry, bei ADW versehentlich die FRST reinkopiert.
Hier die richtige

Code:
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 09:53:41
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henrik - MED7
# Gestartet von : C:\Users\Henrik\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Giant Savings
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Henrik\AppData\Local\Giant Savings
Ordner Gelöscht : C:\Users\Henrik\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Henrik\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Conduit
Ordner Gelöscht : C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\ConduitEngine
Datei Gelöscht : C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Giant Savings
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "20-1-2011");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "14-11-2010");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Sun Nov 14 2010 20:18:38 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Jan 20 2011 08:50:29 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.LoginCache", 4);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1294659234");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Jan 20 2011 08:50:27 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2269050.UserID", "UN47408958076849717");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Search", 0);
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Thu Jan 20 2011 08:52:16 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 01 2011 06:50:39 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 01 2011 07:50:49 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Apr 01 2011 06:50:38 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "{761ffa1a-ea61-43fb-aa6b-477abb3b93f9}");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 20 2011 08:50:28 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Apr 01 2011 06:50:50 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Apr 01 2011 06:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/01/2011 07");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Fri Apr 01 2011 06:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Apr 01 2011 06:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Apr 01 2011 12:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Apr 01 2011 12:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN42583038318264554");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Apr 01 2011 06:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Apr 01 2011 14:50:40 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13a9c3b5287164ec129bc9e53695c49a");

*************************

AdwCleaner[R0].txt - [21882 octets] - [14/11/2013 09:39:19]
AdwCleaner[S0].txt - [21394 octets] - [14/11/2013 09:53:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21455 octets] ##########

schrauber 14.11.2013 13:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Heinzi1969 14.11.2013 19:54
Der Scan hat wirklich lange gedauert :headbang:

Hier die Ergebnisse:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=13af5b6aee337047aee8bfcdf7460d6f
# engine=15883
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-14 06:11:48
# local_time=2013-11-14 07:11:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 30216 3023866 26592 0
# compatibility_mode=5893 16776574 100 94 1318232 136082558 0 0
# scanned=641926
# found=0
# cleaned=0
# scan_time=16772
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=13af5b6aee337047aee8bfcdf7460d6f
# engine=15883
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-14 06:11:48
# local_time=2013-11-14 07:11:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 30216 3023866 26592 0
# compatibility_mode=5893 16776574 100 94 1318232 136082558 0 0
# scanned=641926
# found=0
# cleaned=0
# scan_time=16772
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=13af5b6aee337047aee8bfcdf7460d6f
# engine=15883
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-14 06:11:48
# local_time=2013-11-14 07:11:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 30216 3023866 26592 0
# compatibility_mode=5893 16776574 100 94 1318232 136082558 0 0
# scanned=641926
# found=0
# cleaned=0
# scan_time=16772
Avira ist still und friedlich, gibt keine Meldungen mehr aus.:crazy:

Irgendwie bin ich zu deppert zum Kopieren/Einfügen (meine Maus tuts nicht wie gewohnt)
Code:
Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox (25.0)
 Google Chrome 30.0.1599.101 
 Google Chrome 31.0.1650.48 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 StarMoney Business 4.0 Deutsche Bank Edition ouservice StarMoneyOnlineUpdate.exe 
 StarMoney Business 5.0 Deutsche Bank Edition ouservice StarMoneyOnlineUpdate.exe 
 StarMoney Business 6.0 Deutsche Bank Edition ouservice StarMoneyOnlineUpdate.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Henrik (administrator) on MED7 on 14-11-2013 19:40:41
Running from C:\Users\Henrik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(T-Com) C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2010-07-02] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKLM-x32\...\Run: [StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\app\OflAgent.exe [57864 2011-09-22] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SMB50StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\app\OflAgent.exe [56976 2013-11-06] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-08] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] - C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\OflAgent.exe [48272 2013-10-18] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer - C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\r56kwft5.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\files32\antispam\tbspamfilter

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Premium_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [215040 2013-07-07] (LenovoEMC Ltd.)
R2 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [663184 2013-10-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                          )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-18] (Duplex Secure Ltd.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 19:27 - 2013-11-14 19:11 - 00000714 _____ C:\Users\Henrik\Desktop\eset.txt
2013-11-14 14:25 - 2013-11-14 14:25 - 00891184 _____ C:\Users\Henrik\Desktop\SecurityCheck.exe
2013-11-14 10:54 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 10:54 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 10:54 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 10:54 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 10:54 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 10:54 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 10:54 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 10:54 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 10:54 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 10:54 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 10:54 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 10:54 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:39 - 2013-11-14 09:53 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 09:25 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 09:25 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 09:25 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 09:25 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 09:25 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 09:25 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 09:25 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 09:25 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 09:25 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 09:25 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 09:25 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 09:25 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 09:25 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 09:25 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 09:25 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 09:25 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 09:25 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 09:25 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 09:25 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 09:25 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 09:25 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 09:25 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 09:25 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 09:25 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 09:25 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-14 09:22 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 09:22 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 09:22 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 09:22 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 09:22 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 10:54 - 2013-11-13 11:20 - 00000000 ____D C:\Qoobox
2013-11-13 10:54 - 2013-11-13 11:19 - 00000000 ____D C:\Windows\erdnt
2013-11-13 10:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-13 10:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-13 10:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-13 10:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:00 - 2013-11-13 10:01 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:58 - 2013-11-14 19:40 - 00021447 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 09:14 - 2013-11-13 09:32 - 00000000 ____D C:\Program Files\stinger
2013-11-07 11:01 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-07 11:01 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-06 01:49 - 2013-11-06 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-11-14 10:47 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-30 13:01 - 2013-11-14 10:47 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 13:01 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-30 13:01 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-30 11:07 - 2013-10-30 11:11 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:15 - 2013-10-24 11:16 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-23 12:35 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-23 12:35 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 11:44 - 2013-10-21 11:46 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:42 - 2013-10-21 11:45 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe

==================== One Month Modified Files and Folders =======

2013-11-14 19:40 - 2013-11-13 09:58 - 00021447 _____ C:\Users\Henrik\Desktop\FRST.txt
2013-11-14 19:40 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-14 19:40 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-14 19:40 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 19:35 - 2013-01-01 22:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 19:21 - 2011-01-20 20:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 19:11 - 2013-11-14 19:27 - 00000714 _____ C:\Users\Henrik\Desktop\eset.txt
2013-11-14 18:50 - 2009-12-17 12:04 - 01755050 _____ C:\Windows\WindowsUpdate.log
2013-11-14 14:25 - 2013-11-14 14:25 - 00891184 _____ C:\Users\Henrik\Desktop\SecurityCheck.exe
2013-11-14 13:21 - 2011-01-20 20:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 11:03 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 11:03 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 10:57 - 2011-09-12 17:07 - 00057764 _____ C:\Windows\setupact.log
2013-11-14 10:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 10:54 - 2009-10-28 10:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 10:53 - 2013-07-30 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 10:50 - 2009-10-28 10:54 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 10:47 - 2013-10-30 13:01 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-14 10:47 - 2013-10-30 13:01 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-14 10:21 - 2013-11-14 10:21 - 01957794 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2013-11-14 10:11 - 2013-11-14 10:11 - 01957794 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2013-11-14 10:04 - 2013-11-14 10:04 - 00001312 _____ C:\Users\Henrik\Desktop\JRT.txt
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 09:58 - 2013-11-14 09:58 - 00021580 _____ C:\Users\Henrik\Desktop\AdwCleaner[S0].txt
2013-11-14 09:53 - 2013-11-14 09:39 - 00000000 ____D C:\AdwCleaner
2013-11-14 09:27 - 2013-11-14 09:27 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-14 09:26 - 2013-11-14 09:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 09:23 - 2013-11-14 09:23 - 01085542 _____ C:\Users\Henrik\Desktop\adwcleaner.exe
2013-11-14 09:23 - 2013-11-14 09:23 - 01034531 _____ (Thisisu) C:\Users\Henrik\Desktop\JRT.exe
2013-11-13 15:21 - 2009-12-17 12:05 - 00000000 ____D C:\Users\Henrik
2013-11-13 13:24 - 2013-01-05 10:26 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 11:25 - 2011-10-14 02:22 - 00140756 _____ C:\Windows\PFRO.log
2013-11-13 11:20 - 2013-11-13 11:20 - 00032583 _____ C:\ComboFix.txt
2013-11-13 11:20 - 2013-11-13 10:54 - 00000000 ____D C:\Qoobox
2013-11-13 11:19 - 2013-11-13 10:54 - 00000000 ____D C:\Windows\erdnt
2013-11-13 11:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-13 10:53 - 2013-11-13 10:53 - 05147957 ____R (Swearware) C:\Users\Henrik\Desktop\ComboFix.exe
2013-11-13 10:46 - 2013-11-13 10:46 - 00455800 _____ C:\Windows\Minidump\111313-29125-01.dmp
2013-11-13 10:46 - 2011-12-20 10:09 - 674098613 _____ C:\Windows\MEMORY.DMP
2013-11-13 10:46 - 2011-02-25 09:41 - 00000000 ____D C:\Windows\Minidump
2013-11-13 10:14 - 2013-11-13 10:14 - 00009101 _____ C:\Users\Henrik\Desktop\gmer.log
2013-11-13 10:01 - 2013-11-13 10:00 - 00040269 _____ C:\Users\Henrik\Desktop\Addition.txt
2013-11-13 09:57 - 2013-11-13 09:57 - 00000000 ____D C:\FRST
2013-11-13 09:56 - 2013-11-13 09:56 - 00377856 _____ C:\Users\Henrik\Desktop\gmer_2.1.19163.exe
2013-11-13 09:39 - 2010-01-04 10:07 - 00000000 ____D C:\ProgramData\Lexware
2013-11-13 09:34 - 2013-11-13 09:34 - 00000584 _____ C:\Users\Henrik\Desktop\defogger_disable.log
2013-11-13 09:34 - 2013-11-13 09:34 - 00000020 _____ C:\Users\Henrik\defogger_reenable
2013-11-13 09:32 - 2013-11-13 09:14 - 00000000 ____D C:\Program Files\stinger
2013-11-13 09:30 - 2013-11-13 09:30 - 00050477 _____ C:\Users\Henrik\Desktop\Defogger.exe
2013-11-13 08:43 - 2012-05-12 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 21:32 - 2009-12-19 10:15 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\UseNeXT
2013-11-12 21:18 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\EJUseNeXT
2013-11-12 20:36 - 2009-12-18 12:52 - 00000000 ____D C:\Users\Henrik\Documents\Eigene Scans
2013-11-12 20:35 - 2009-12-18 13:34 - 00000000 ____D C:\Users\Henrik\Documents\AExport
2013-11-12 20:33 - 2010-02-01 20:34 - 00002516 ___SH C:\ProgramData\KGyGaAvL.sys
2013-11-12 18:40 - 2011-08-15 12:20 - 00000000 ____D C:\ProgramData\StarMoney Business 5.0
2013-11-12 09:12 - 2011-08-16 08:21 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 5.0 Deutsche Bank Edition
2013-11-11 16:22 - 2013-03-22 10:10 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition
2013-11-08 10:37 - 2012-01-11 14:15 - 00000000 ____D C:\Users\Public\Documents\SoftPhone
2013-11-06 01:50 - 2013-11-06 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 19:28 - 2009-12-18 12:37 - 00000000 ____D C:\Users\Henrik\Documents\1AA Dokumente
2013-11-05 09:49 - 2013-08-12 07:25 - 00000000 ____D C:\Users\Henrik\Documents\Calibre-Bibliothek
2013-11-04 23:56 - 2012-01-19 14:31 - 00003466 _____ C:\Windows\System32\Tasks\Henrik NBAgent 5 4
2013-11-03 18:17 - 2009-12-18 13:37 - 00000000 ____D C:\Users\Henrik\Documents\Privat
2013-10-30 13:06 - 2013-10-30 13:06 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\ProgramData\Avira
2013-10-30 13:01 - 2013-10-30 13:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-30 11:11 - 2013-10-30 11:07 - 123853152 _____ C:\Users\Henrik\Downloads\avira_free_antivirus_de.exe
2013-10-30 11:10 - 2013-01-16 11:42 - 00002134 _____ C:\Users\Public\Desktop\Lexware premium.lnk
2013-10-29 08:50 - 2009-12-18 11:04 - 00000000 ____D C:\Users\Henrik\Documents\Daniel
2013-10-27 20:14 - 2013-10-27 20:14 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-10-27 20:14 - 2013-07-22 10:44 - 00001849 _____ C:\Users\Public\Desktop\Media Go.lnk
2013-10-27 17:55 - 2013-10-27 17:55 - 00001500 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\DVDVideoSoft
2013-10-27 17:55 - 2013-01-05 16:41 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-25 09:16 - 2013-10-25 09:16 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files\iPod
2013-10-25 09:16 - 2013-10-25 09:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-24 15:11 - 2011-09-02 09:48 - 00000000 ____D C:\Users\Henrik\AppData\Local\FRITZ!
2013-10-24 11:16 - 2013-10-24 11:16 - 00001169 _____ C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\Users\Henrik\AppData\Local\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:16 - 00000000 ____D C:\ProgramData\LenovoEMCStorageManager
2013-10-24 11:16 - 2013-10-24 11:15 - 00000000 ____D C:\Program Files (x86)\LenovoEMC Storage Manager
2013-10-24 11:15 - 2011-12-16 08:59 - 00000000 ____D C:\Program Files (x86)\Iomega Storage Manager
2013-10-24 07:15 - 2013-10-13 12:45 - 00001825 _____ C:\Users\Henrik\Desktop\UseNeXT by Tangysoft.lnk
2013-10-24 07:15 - 2009-12-19 10:15 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-10-23 12:35 - 2013-10-23 12:35 - 00004278 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 12:35 - 2013-09-26 15:37 - 00000000 ____D C:\ProgramData\Oracle
2013-10-23 12:35 - 2010-01-04 10:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 18:25 - 2013-10-21 18:25 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-21 16:42 - 2013-01-01 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 16:42 - 2013-01-01 22:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 11:46 - 2013-10-21 11:44 - 17813896 _____ (Adobe Systems Incorporated) C:\Users\Henrik\Downloads\install_flash_player_11_plugin.exe
2013-10-21 11:45 - 2013-10-21 11:42 - 24278649 _____ C:\Users\Henrik\Downloads\vlc-2.1.0-win32.exe
2013-10-21 11:32 - 2010-04-12 15:21 - 00000000 ____D C:\Users\Henrik\AppData\Local\Nero
2013-10-17 11:55 - 2009-12-18 12:20 - 00000000 ____D C:\Users\Henrik\Documents\Sonderordner

Some content of TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\avgnt.exe
C:\Users\Henrik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 00:05

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Noch eine Frage:

Ich habe zwei NAS als Sicherungsfestplatten angeschlossen. Ist diesbezüglich etwas zu unternehmen?

Es sind auch zwei weitere PC im Netzwerk, diese waren aber nicht angeschaltet und bleiben es auch bis auf weiteres (Verbindung Internet/Netzwerk getrennt)

schrauber 15.11.2013 12:07
NAS und andere PC sollten save sein.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131