malwarebytes : Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bjoern :: [Administrator]
10.09.2013 14:47:35
mbam-log-2013-09-10 (14-47-35).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 462631
Laufzeit: 38 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
adwcleaner : Code:
# AdwCleaner v3.003 - Bericht erstellt am 10/09/2013 um 15:30:23
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername :
# Gestartet von : C:\Users\Bjoern\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\foxydeal.sqlite
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16490
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378817181");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Zeile gelöscht : user_pref("browser.search.order.1", "qvo6");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "qvo6");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378817181");
*************************
AdwCleaner[R0].txt - [2928 octets] - [09/09/2013 17:26:14]
AdwCleaner[R1].txt - [3872 octets] - [10/09/2013 15:29:08]
AdwCleaner[S0].txt - [2602 octets] - [09/09/2013 17:27:15]
AdwCleaner[S1].txt - [2566 octets] - [10/09/2013 15:30:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2626 octets] ##########
JRT : Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bjoern on 10.09.2013 at 15:37:41,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
~~~ Files
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer (64-bit).lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\prefs.js
user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378820034");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=13788200
Emptied folder: C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.09.2013 at 15:41:36,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST :
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Bjoern (administrator) on 10-09-2013 17:14:50
Running from C:\Users\Bjoern\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Woodtale Technology Inc) C:\Users\Bjoern\AppData\Local\DProtect\DProtectSvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Bjoern\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Macrovision Europe Ltd.) C:\Users\Bjoern\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Steam] - D:\games\Steam\steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
HKCU\...\Run: [Snoozer] - C:\Users\Bjoern\AppData\Roaming\Snz\Snz.exe [1137764 2013-08-28] ()
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-03-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [CTSyncService] - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [163840 2009-09-22] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
AppInit_DLLs-x32: C:\Users\Bjoern\AppData\Local\DProtect\eBP.dll,C:\Users\Bjoern\AppData\Local\DProtect\eBPSD.dll [62016 2013-09-09] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default
FF NewTab: hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378826043
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378826043
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\Extensions\ich@maltegoetz.de
FF Extension: Repto Control - User - C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\Extensions\reptocontrol@user
FF Extension: No Name - C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Bjoern\AppData\Roaming\Mozilla\Firefox\Profiles\n4l6st3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 DPService; C:\Users\Bjoern\AppData\Local\DProtect\DProtectSvc.exe [342592 2013-09-09] (Woodtale Technology Inc)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-07-29] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-07-29] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-13] (Avira Operations GmbH & Co. KG)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-03-27] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-03-27] (FNet Co., Ltd.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-10 17:10 - 2013-09-10 17:10 - 00000000 ____D C:\Program Files\CCleaner
2013-09-10 17:03 - 2013-09-10 17:09 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Wise Registry Cleaner
2013-09-10 15:41 - 2013-09-10 15:41 - 00002509 _____ C:\Users\Bjoern\Desktop\JRT.txt
2013-09-10 15:35 - 2013-09-10 15:35 - 01029490 _____ (Thisisu) C:\Users\Bjoern\Desktop\JRT.exe
2013-09-09 19:26 - 2013-09-09 19:26 - 00029464 _____ C:\Users\Bjoern\Desktop\Addition.txt
2013-09-09 19:25 - 2013-09-09 19:25 - 01949196 _____ (Farbar) C:\Users\Bjoern\Desktop\FRST64.exe
2013-09-09 18:26 - 2013-09-09 18:26 - 00448512 _____ (OldTimer Tools) C:\Users\Bjoern\Desktop\TFC.exe
2013-09-09 17:35 - 2013-09-09 17:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Malwarebytes
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 17:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 17:33 - 2013-09-09 17:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bjoern\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-09 17:31 - 2013-09-09 17:31 - 02347384 _____ (ESET) C:\Users\Bjoern\Desktop\esetsmartinstaller_enu.exe
2013-09-09 17:31 - 2013-09-09 17:31 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:29 - 2013-09-09 17:29 - 00000000 ____D C:\FRST
2013-09-09 17:26 - 2013-09-10 15:30 - 00000000 ____D C:\AdwCleaner
2013-09-09 17:21 - 2013-09-09 17:21 - 01037278 _____ C:\Users\Bjoern\Desktop\adwcleaner.exe
2013-09-09 17:20 - 2013-09-09 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:04 - 2013-09-09 18:30 - 00000000 ____D C:\Users\Bjoern\AppData\Local\DProtect
2013-09-04 17:38 - 2013-09-04 17:38 - 681779541 _____ C:\Windows\MEMORY.DMP
2013-09-04 17:38 - 2013-09-04 17:38 - 00274640 _____ C:\Windows\Minidump\090413-14008-01.dmp
2013-09-04 17:38 - 2013-09-04 17:38 - 00000000 ____D C:\Windows\Minidump
2013-08-30 15:51 - 2013-09-04 01:45 - 00000000 ____D C:\Users\Bjoern\AppData\Local\Battle.net
2013-08-30 15:51 - 2013-08-30 15:53 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Battle.net
2013-08-30 15:51 - 2013-08-30 15:51 - 00000838 _____ C:\Users\Public\Desktop\Battle.net.lnk
2013-08-30 15:51 - 2013-08-30 15:51 - 00000000 ____D C:\Users\Bjoern\AppData\Local\Blizzard Entertainment
2013-08-21 12:28 - 2013-08-21 12:28 - 01467128 _____ C:\Users\Bjoern\Desktop\SystemCheck_deDE.exe
2013-08-17 15:54 - 2013-08-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 17:39 - 2013-08-13 17:39 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Avira
2013-08-13 17:37 - 2013-08-20 11:02 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-13 17:36 - 2013-09-04 14:10 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-13 17:36 - 2013-08-20 11:02 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-13 17:36 - 2013-08-13 17:36 - 00001994 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 17:36 - 2013-08-13 17:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-13 17:35 - 2013-08-13 17:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-13 17:35 - 2013-08-13 17:35 - 00000000 ____D C:\Program Files (x86)\Avira
==================== One Month Modified Files and Folders =======
2013-09-10 17:11 - 2012-03-27 02:35 - 00001450 _____ C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-10 17:11 - 2012-03-27 02:35 - 00001263 _____ C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-10 17:10 - 2013-09-10 17:10 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-10 17:10 - 2013-09-10 17:10 - 00000000 ____D C:\Program Files\CCleaner
2013-09-10 17:09 - 2013-09-10 17:03 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Wise Registry Cleaner
2013-09-10 16:38 - 2013-07-15 17:23 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 16:18 - 2013-02-28 14:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 15:41 - 2013-09-10 15:41 - 00002509 _____ C:\Users\Bjoern\Desktop\JRT.txt
2013-09-10 15:39 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 15:39 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 15:35 - 2013-09-10 15:35 - 01029490 _____ (Thisisu) C:\Users\Bjoern\Desktop\JRT.exe
2013-09-10 15:35 - 2012-03-27 02:36 - 02044098 _____ C:\Windows\WindowsUpdate.log
2013-09-10 15:33 - 2013-07-15 17:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 15:33 - 2012-06-06 21:20 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Spotify
2013-09-10 15:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 15:31 - 2009-07-14 06:51 - 00070090 _____ C:\Windows\setupact.log
2013-09-10 15:30 - 2013-09-09 17:26 - 00000000 ____D C:\AdwCleaner
2013-09-09 19:26 - 2013-09-09 19:26 - 00029464 _____ C:\Users\Bjoern\Desktop\Addition.txt
2013-09-09 19:25 - 2013-09-09 19:25 - 01949196 _____ (Farbar) C:\Users\Bjoern\Desktop\FRST64.exe
2013-09-09 18:30 - 2013-09-09 17:04 - 00000000 ____D C:\Users\Bjoern\AppData\Local\DProtect
2013-09-09 18:30 - 2010-11-21 05:47 - 00279942 _____ C:\Windows\PFRO.log
2013-09-09 18:28 - 2012-04-23 22:48 - 00000000 ____D C:\ProgramData\Windows
2013-09-09 18:26 - 2013-09-09 18:26 - 00448512 _____ (OldTimer Tools) C:\Users\Bjoern\Desktop\TFC.exe
2013-09-09 17:35 - 2013-09-09 17:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Malwarebytes
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 17:35 - 2013-09-09 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 17:33 - 2013-09-09 17:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bjoern\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-09 17:31 - 2013-09-09 17:31 - 02347384 _____ (ESET) C:\Users\Bjoern\Desktop\esetsmartinstaller_enu.exe
2013-09-09 17:31 - 2013-09-09 17:31 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 17:29 - 2013-09-09 17:29 - 00000000 ____D C:\FRST
2013-09-09 17:27 - 2013-07-15 17:22 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Common
2013-09-09 17:21 - 2013-09-09 17:21 - 01037278 _____ C:\Users\Bjoern\Desktop\adwcleaner.exe
2013-09-09 17:20 - 2013-09-09 17:20 - 00000000 ____D C:\Windows\ERUNT
2013-09-09 17:11 - 2012-03-27 02:34 - 00000000 ___RD C:\Users\Bjoern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 17:10 - 2013-01-05 17:51 - 00000426 _____ C:\Users\Bjoern\Desktop\links.txt
2013-09-05 18:40 - 2011-04-12 09:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-09-05 18:40 - 2011-04-12 09:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-09-05 18:40 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 17:38 - 2013-09-04 17:38 - 681779541 _____ C:\Windows\MEMORY.DMP
2013-09-04 17:38 - 2013-09-04 17:38 - 00274640 _____ C:\Windows\Minidump\090413-14008-01.dmp
2013-09-04 17:38 - 2013-09-04 17:38 - 00000000 ____D C:\Windows\Minidump
2013-09-04 14:10 - 2013-08-13 17:36 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 08:10 - 2012-03-27 02:34 - 00000000 ____D C:\Users\Bjoern
2013-09-04 01:45 - 2013-08-30 15:51 - 00000000 ____D C:\Users\Bjoern\AppData\Local\Battle.net
2013-09-02 12:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-30 16:17 - 2012-04-23 22:54 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\DVDVideoSoft
2013-08-30 15:53 - 2013-08-30 15:51 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Battle.net
2013-08-30 15:51 - 2013-08-30 15:51 - 00000838 _____ C:\Users\Public\Desktop\Battle.net.lnk
2013-08-30 15:51 - 2013-08-30 15:51 - 00000000 ____D C:\Users\Bjoern\AppData\Local\Blizzard Entertainment
2013-08-27 10:52 - 2012-04-26 17:33 - 00000000 ____D C:\Users\Bjoern\AppData\Local\CrashDumps
2013-08-21 12:28 - 2013-08-21 12:28 - 01467128 _____ C:\Users\Bjoern\Desktop\SystemCheck_deDE.exe
2013-08-20 11:02 - 2013-08-13 17:37 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 11:02 - 2013-08-13 17:36 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-20 10:54 - 2012-05-03 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 15:54 - 2013-08-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 17:39 - 2013-08-13 17:39 - 00000000 ____D C:\Users\Bjoern\AppData\Roaming\Avira
2013-08-13 17:36 - 2013-08-13 17:36 - 00001994 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 17:36 - 2013-08-13 17:35 - 00000000 ____D C:\ProgramData\Avira
2013-08-13 17:35 - 2013-08-13 17:35 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 17:10 - 2013-08-13 17:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
Files to move or delete:
====================
C:\Users\Bjoern\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-12 10:01
==================== End Of Log ============================
Addition : Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Bjoern at 2013-09-10 17:15:06
Running from C:\Users\Bjoern\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20 (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AMD APP SDK Runtime (Version: 2.4.650.9)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
appsmaker DataRescue (x32)
ASRock eXtreme Tuner v0.1.27 (x32)
ASRock InstantBoot v1.26 (x32)
ASUS VGA Driver (x32 Version: 3.0.0.1)
ATI AVIVO64 Codecs (Version: 11.6.0.51125)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Battle.net (x32)
Battlefield 3™ (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Belkin N+ Wireless USB Adapter (x32 Version: 2.00.11)
Blacklight: Retribution (x32)
Bonjour (Version: 3.0.0.10)
Call of Duty: Black Ops - Multiplayer (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0524.2352.41027)
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027)
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027)
CCC Help Czech (x32 Version: 2011.0524.2351.41027)
CCC Help Danish (x32 Version: 2011.0524.2351.41027)
CCC Help Dutch (x32 Version: 2011.0524.2351.41027)
CCC Help English (x32 Version: 2011.0524.2351.41027)
CCC Help Finnish (x32 Version: 2011.0524.2351.41027)
CCC Help French (x32 Version: 2011.0524.2351.41027)
CCC Help German (x32 Version: 2011.0524.2351.41027)
CCC Help Greek (x32 Version: 2011.0524.2351.41027)
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027)
CCC Help Italian (x32 Version: 2011.0524.2351.41027)
CCC Help Japanese (x32 Version: 2011.0524.2351.41027)
CCC Help Korean (x32 Version: 2011.0524.2351.41027)
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027)
CCC Help Polish (x32 Version: 2011.0524.2351.41027)
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027)
CCC Help Russian (x32 Version: 2011.0524.2351.41027)
CCC Help Spanish (x32 Version: 2011.0524.2351.41027)
CCC Help Swedish (x32 Version: 2011.0524.2351.41027)
CCC Help Thai (x32 Version: 2011.0524.2351.41027)
CCC Help Turkish (x32 Version: 2011.0524.2351.41027)
ccc-utility64 (Version: 2011.0524.2352.41027)
Counter-Strike (x32)
Counter-Strike: Global Offensive Beta (x32)
Dead Island (x32)
devolo dLAN Cockpit (x32 Version: 3.2.0.0)
Diablo III (x32 Version: 1.0.8.16603)
Dishonored (x32 Version: 1.0)
dLAN Cockpit (x32 Version: 3.2.28)
DProtect (x32)
eaner (Version: 4.05)
Enterprise Dynamics Developer 8.2.5.1153 1940 (x32)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
Etron USB3.0 Host Controller (x32 Version: 0.96)
Google Chrome Frame (x32 Version: 65.119.72)
Google Update Helper (x32 Version: 1.3.21.153)
HydraVision (x32 Version: 4.2.206.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
iTunes (Version: 10.6.1.7)
League of Legends (x32 Version: 1.02.0000)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Medal of Honor™ Warfighter (x32 Version: 1.0.0.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MiKTeX 2.9 (HKCU Version: 2.9)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BurnRights 10 (x32 Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Control Center 10 (x32 Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Core Components 10 (x32 Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (x32 Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900)
Nero DiscSpeed 10 (x32 Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Express 10 (x32 Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900)
Nero InfoTool 10 (x32 Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900)
Nero MediaHub 10 (x32 Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.0.10300)
Nero StartSmart 10 (x32 Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Update (x32 Version: 1.0.0018)
NVIDIA PhysX (x32 Version: 9.10.0513)
Open Broadcaster Software (x32)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
Origin (x32 Version: 8.5.0.4554)
PunkBuster Services (x32 Version: 0.991)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
Razer DeathAdder(TM) Mouse (x32 Version: 5.01)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6167)
Resident Evil 6 / Biohazard 6 (x32)
Skype™ 5.10 (x32 Version: 5.10.115)
Sound Blaster X-Fi MB (x32 Version: 1.0)
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.10.1)
Wise Registry Cleaner 7.84 (x32 Version: 7.84)
World of Warcraft (x32)
XFastUsb (x32)
==================== Restore Points =========================
14-07-2013 09:49:27 Geplanter Prüfpunkt
17-07-2013 17:05:06 DirectX wurde installiert
24-07-2013 10:19:55 Removed Google Chrome Frame
01-08-2013 00:00:46 Geplanter Prüfpunkt
12-08-2013 08:08:43 Geplanter Prüfpunkt
19-08-2013 13:45:23 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2ACD2C21-D0E0-43C0-823E-614B956D86F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {576B3890-68E2-4C83-8A80-83DB3488CAFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {5E7728EA-06DD-4053-B3C9-960B5CFCEA36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {F4EEEAB1-1E3C-44F3-BC4A-9FD88DDDD9BB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {F82C0E1B-BEC8-4298-BFCE-350ABA567C76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-05-24 22:48 - 2011-05-24 22:48 - 00242176 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2012-03-27 02:44 - 2010-07-28 12:26 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-03-27 02:44 - 2010-07-28 12:25 - 02618984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2011-05-24 23:47 - 2011-05-24 23:47 - 00290816 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-05-24 23:47 - 2011-05-24 23:47 - 00167936 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 13:51 - 2009-01-20 13:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-05-24 23:51 - 2011-05-24 23:51 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-05-24 23:50 - 2011-05-24 23:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-09 17:04 - 2013-09-09 17:04 - 00506944 _____ () C:\Users\Bjoern\AppData\Local\DProtect\eBP.dll
2013-09-09 17:04 - 2013-09-09 17:04 - 00062016 _____ () C:\Users\Bjoern\AppData\Local\DProtect\eBPSD.dll
2011-05-24 22:48 - 2011-05-24 22:48 - 00217088 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2011-05-24 22:47 - 2011-05-24 22:47 - 00094208 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDeu.dll
2013-09-10 15:33 - 2013-09-10 15:33 - 00697884 _____ () C:\Users\Bjoern\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp
2013-09-10 15:33 - 2013-09-10 15:33 - 00592896 _____ () C:\Users\Bjoern\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp
2012-03-27 02:50 - 2008-01-11 10:10 - 00065536 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\CTAudSeu.dll
2012-03-27 02:50 - 2009-02-23 11:41 - 00413696 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\CTAudEp.dll
2012-03-27 02:50 - 2005-01-06 17:26 - 00053248 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\CTIniFu.dll
2012-03-27 02:50 - 2009-01-06 09:44 - 00077824 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanel.crl
2012-03-27 02:49 - 2009-03-18 16:00 - 00151552 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\ShareDLL\CADI\CTCadiEP.dll
2012-03-27 02:50 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 02:50 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-03-27 02:50 - 2009-02-03 13:52 - 00102400 _____ (Creative Technology Ltd) C:\Windows\SysWow64\cttele32.dll
2012-03-27 02:44 - 2009-11-18 01:13 - 00531032 _____ (Creative Technology Ltd.) C:\Windows\SysWow64\MBAPO32.DLL
2012-03-27 02:49 - 2008-05-02 17:37 - 00163840 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\ShareDLL\CADI\ctcadi.dll
2012-03-27 02:50 - 2007-03-07 14:07 - 00176128 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\CTThemeU.dll
2012-03-27 02:50 - 2005-11-23 10:28 - 00040960 ____N (Creative Technology Ltd.) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\CtrlSrcU.dll
2012-03-27 02:50 - 2006-03-31 17:26 - 00335872 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\GDICtrl.sku
2012-03-27 02:50 - 2007-03-07 14:56 - 00151552 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\GDICtrl2.sku
2012-03-27 02:50 - 2006-05-04 17:11 - 00110592 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\GDICtrl3.sku
2012-03-27 02:50 - 2006-03-28 16:21 - 00114757 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\RtxCtrl.sku
2012-03-27 02:49 - 2009-04-16 14:59 - 00442368 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\ShareDLL\CADI\CTRice.dll
2012-03-27 05:09 - 2012-03-27 05:09 - 00156520 _____ (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-03-27 05:55 - 2012-03-27 05:55 - 00050024 _____ (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL
2012-03-27 05:09 - 2012-03-27 05:09 - 00048488 _____ (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-08-13 17:36 - 2013-08-20 11:01 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-08-13 17:36 - 2013-08-20 11:02 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2012-03-27 03:50 - 2009-09-01 09:48 - 00249856 _____ (Razer, Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerlan.dll
2013-08-17 15:54 - 2013-08-17 15:54 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 16366.7 MB
Available physical RAM: 13886.34 MB
Total Pagefile: 32731.59 MB
Available Pagefile: 30103.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:196.13 GB) (Free:130.39 GB) NTFS
Drive d: () (Fixed) (Total:269.53 GB) (Free:86.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 38C1CEC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
==================== End Of Log ============================
So it is still there as the start page and also in the search engine selection.
I also opened Internet Explorer, and the same problem exists there :(
I did a bit of work in advance, I hope that's okay.
Here is the ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c37a767b096b8842b725c18227e893ab
# engine=15079
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-10 04:55:04
# local_time=2013-09-10 06:55:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15126 124598724 7913 0
# compatibility_mode=5893 16776573 100 94 3334411 130461954 0 0
# scanned=253470
# found=0
# cleaned=0
# scan_time=2188
I also ran SystemLook again with
:filefind
*qvo6*
:regfind
qvo6
Quite a lot turned up :/ Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 10/09/2013 by Bjoern
Administrator - Elevation successful
========== filefind ==========
Searching for "*qvo6*"
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml --a---- 733 bytes [13:42 10/09/2013] [13:42 10/09/2013] 2BA3E883B1436C2C85A0D000C5D91D12
C:\Users\Bjoern\AppData\Local\Microsoft\Internet Explorer\DOMStore\4Q3BLIDV\www.qvo6[1].xml --a---- 13 bytes [15:00 10/09/2013] [15:00 10/09/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bjoern\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JIBCQ2J\qvo6_com[1].htm --a---- 11658 bytes [15:00 10/09/2013] [15:00 10/09/2013] 95CA037EAB1DFDE8331F2319D226B94D
========== regfind ==========
Searching for "qvo6"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DProtect]
"name"="qvo6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DProtect]
"addr"="hxxp://www.qvo6.com/?"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\vtt_ar_qvo6_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\vtt_ar_qvo6_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378819889"
[HKEY_USERS\S-1-5-21-1225557953-2483263610-2332851641-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_USERS\S-1-5-21-1225557953-2483263610-2332851641-1000\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825229"
[HKEY_USERS\S-1-5-21-1225557953-2483263610-2332851641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"
[HKEY_USERS\S-1-5-21-1225557953-2483263610-2332851641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378825228"
-= EOF =-