Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Auf USB-Sticks werden nur Verknüpfungen angezeigt! Win7 (https://www.trojaner-board.de/154987-usb-sticks-nur-verknuepfungen-angezeigt-win7.html)

NeoAnderson 09.06.2014 18:38
Auf USB-Sticks werden nur Verknüpfungen angezeigt! Win7
 
Hallo Experten von Trojaner-Board :)

habe das selbe bzw. ein ähnliches Problem wie bei diesem Post:
http://www.trojaner-board.de/154663-...uepfungen.html

Auf allen usb-sticks werden sofort nachdem ich eine Datei drauf kopier, davon Verknüpfungen erstellt.

Hab das Problem gegoogelt und daraufhin Malewarbites runter geladen. Hab dass dann laufen lassen und ca. 25 "Probleme" bzw. Maleware gefunden. In Quarantäne verschoben und dann auch gleich gelöscht. Danach alle USB-sticks angeschlossen und formatiert, und dann mit den angeschlossenen usb-sticks nochmal laufen lassen um nochmal 2 vieren bzw. trojaner oder was auch immer zu finden!

Jedoch hat dies das problem bis jetzt nicht behoben. Es werden weiterhin verknüpfungen erstellt, sobald ich was auf die Sticks kopier :(

Bitte um Hilfe!!!

Beste Grüße David

schrauber 09.06.2014 19:25
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


NeoAnderson 09.06.2014 20:38
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 03
Ran by NeoAnderson (administrator) on NEOANDERSON-PC on 09-06-2014 21:28:53
Running from C:\Users\NeoAnderson\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
({StringFileInfo_CompanyName}) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lexmark X83 Button Monitor] => C:\Program Files (x86)\LexmarkX83\ACMonitor_X83.exe [40960 2001-10-12] (Jetsoft Development Company)
HKLM-x32\...\Run: [Lexmark X83 Button Manager] => C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe [53248 2001-06-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [397992 2011-07-27] ({StringFileInfo_CompanyName})
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\Run: [Facebook Update] => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-14] (Facebook Inc.)
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\Run: [sdfczjzvgu] => wscript.exe //B "C:\Users\NEOAND~1\AppData\Local\Temp\sdfczjzvgu.vbs" <===== ATTENTION
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\MountPoints2: {a466ce84-c8a9-11e0-a6cb-207c8f011892} - E:\pushinst.exe
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-14] (Facebook Inc.)
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sdfczjzvgu] => wscript.exe //B "C:\Users\NEOAND~1\AppData\Local\Temp\sdfczjzvgu.vbs" <===== ATTENTION
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a466ce84-c8a9-11e0-a6cb-207c8f011892} - E:\pushinst.exe
Startup: C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdfczjzvgu.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i116l04h8z135t46l1o738
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM-x32 - DefaultScope {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE400DE401
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=F6662A7C8F011892
SearchScopes: HKCU - {1E6927AA-AC2D-4B51-9EF3-2B50538423EB} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE400DE401
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {C7E8BFF5-1185-4C90-BA78-674FBFF66493} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CA4FE4C1-426C-4B1C-B33D-07E84A0CCDEA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
SearchScopes: HKCU - {E1A3DDAF-BCEC-474A-8717-B13FBCEF83DF} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E1C6CAEC-781F-4593-B449-BDC9173291B4} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE400DE401
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "195.103.219.106"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "195.103.219.106"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.local, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.103.219.106"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "195.103.219.106"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\NeoAnderson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Stealthy - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\stealthyextension@gmail.com.xpi [2012-06-22]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF Extension: Freemake Video Downloader Plugin - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-08-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2011-02-11] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-04-01 18:22 - 2010-11-20 22:28 - 00000193 _____ () C:\Windows\X83_DS.ini
2099-02-24 15:15 - 2001-04-02 17:30 - 00000821 _____ () C:\Windows\Lexmark_ICM.ini
2099-02-16 17:09 - 2001-02-16 16:37 - 00000062 _____ () C:\Windows\SysWOW64\LXASUSCI.INI
2014-06-09 21:28 - 2014-06-09 21:29 - 00019695 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-09 21:28 - 2014-06-09 21:28 - 00000000 ____D () C:\FRST
2014-06-09 21:27 - 2014-06-09 21:28 - 02080768 _____ (Farbar) C:\Users\NeoAnderson\Downloads\FRST64.exe
2014-06-03 19:54 - 2014-06-09 19:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 19:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 19:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 15:21 - 2014-06-03 23:37 - 00000000 ____D () C:\temp
2014-05-30 15:20 - 2014-06-03 23:41 - 00000000 ____D () C:\Program Files\003
2014-05-30 14:47 - 2014-05-30 15:28 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\systweak
2014-05-30 14:47 - 2014-05-30 15:05 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:49 - 2014-05-27 16:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-15 17:51 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:51 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:51 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:51 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 17:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 17:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 17:35 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 17:35 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 17:29 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 17:29 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 17:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 17:29 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 17:29 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 17:29 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 17:29 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList
2014-05-12 00:55 - 2014-05-12 00:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-09 21:29 - 2014-06-09 21:28 - 00019695 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-09 21:29 - 2010-10-09 18:33 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Temp
2014-06-09 21:28 - 2014-06-09 21:28 - 00000000 ____D () C:\FRST
2014-06-09 21:28 - 2014-06-09 21:27 - 02080768 _____ (Farbar) C:\Users\NeoAnderson\Downloads\FRST64.exe
2014-06-09 21:16 - 2012-04-03 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 21:05 - 2011-11-12 20:08 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-06-09 19:40 - 2014-06-03 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 18:54 - 2013-03-14 01:49 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA.job
2014-06-09 18:37 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 18:37 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 17:53 - 2010-05-31 12:56 - 01634846 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 17:48 - 2010-11-20 20:57 - 00000020 _____ () C:\Windows\ACMonitor_X83.ini
2014-06-09 17:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 17:45 - 2009-07-14 06:51 - 00159428 _____ () C:\Windows\setupact.log
2014-06-09 17:35 - 2013-03-14 01:49 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core.job
2014-06-09 00:19 - 2011-09-04 17:16 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\Temp
2014-06-04 19:56 - 2011-04-17 19:00 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\Eigene Dateien
2014-06-04 19:45 - 2010-03-25 06:39 - 00263154 _____ () C:\Windows\PFRO.log
2014-06-03 23:41 - 2014-05-30 15:20 - 00000000 ____D () C:\Program Files\003
2014-06-03 23:41 - 2010-03-25 06:29 - 00000000 ____D () C:\Windows\oem
2014-06-03 23:37 - 2014-05-30 15:21 - 00000000 ____D () C:\temp
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 17:12 - 2012-11-18 23:43 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\Facebook
2014-05-30 15:29 - 2012-10-27 00:34 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-05-30 15:28 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\systweak
2014-05-30 15:05 - 2014-05-30 14:47 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 17:45 - 2010-05-31 22:42 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 17:45 - 2010-05-31 22:42 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 17:45 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:50 - 2014-05-27 16:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-27 14:14 - 2013-03-28 02:08 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 14:14 - 2013-03-28 02:08 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 17:59 - 2012-10-27 00:34 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\PokerStars.EU
2014-05-26 17:53 - 2012-02-18 22:28 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Roaming\vlc
2014-05-26 16:48 - 2011-09-01 23:11 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Apple Computer
2014-05-26 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-23 16:24 - 2010-10-09 18:33 - 00113512 _____ () C:\Users\NeoAnderson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:41 - 2011-09-04 17:16 - 00113512 _____ () C:\Users\Gäste Konto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:40 - 2009-07-14 06:45 - 00447248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-21 19:27 - 2010-03-25 06:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-21 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-21 19:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-21 19:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 20:22 - 2013-02-18 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:33 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 18:33 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:20 - 2014-05-08 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 18:18 - 2013-02-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-16 01:16 - 2012-04-03 18:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 01:16 - 2012-04-03 18:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 01:16 - 2011-08-17 11:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 18:58 - 2012-05-05 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 17:46 - 2013-08-15 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 17:43 - 2011-10-19 22:21 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList
2014-05-13 15:36 - 2011-09-20 20:51 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-05-13 15:32 - 2010-10-09 18:33 - 00000000 ____D () C:\Users\NeoAnderson
2014-05-12 07:26 - 2014-06-03 19:54 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 19:54 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 19:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 00:56 - 2014-05-12 00:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Gäste Konto\AppData\Local\Temp\77BF.exe
C:\Users\Gäste Konto\AppData\Local\Temp\avgnt.exe
C:\Users\Gäste Konto\AppData\Local\Temp\nskCDF6.tmp.exe
C:\Users\Gäste Konto\AppData\Local\Temp\tbDVD0.dll
C:\Users\Gäste Konto\AppData\Local\Temp\_unps.exe
C:\Users\NeoAnderson\AppData\Local\Temp\AskSLib.dll
C:\Users\NeoAnderson\AppData\Local\Temp\avgnt.exe
C:\Users\NeoAnderson\AppData\Local\Temp\chutil.dll
C:\Users\NeoAnderson\AppData\Local\Temp\COMAP.EXE
C:\Users\NeoAnderson\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\NeoAnderson\AppData\Local\Temp\GLF28C9.tmp.ConduitEngineSetup.exe
C:\Users\NeoAnderson\AppData\Local\Temp\GLF28C9.tmp.tbDVDV.dll
C:\Users\NeoAnderson\AppData\Local\Temp\GLF912E.tmp.ConduitEngineSetup.exe
C:\Users\NeoAnderson\AppData\Local\Temp\prxGLF28C9.tmp.tbDVDV.dll
C:\Users\NeoAnderson\AppData\Local\Temp\prxGLF912E.tmp.tbDVDV.dll
C:\Users\NeoAnderson\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\NeoAnderson\AppData\Local\Temp\sqlite3.dll
C:\Users\NeoAnderson\AppData\Local\Temp\uninst1.exe
C:\Users\NeoAnderson\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\NeoAnderson\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup_quiet.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 18:10

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2014 03
Ran by NeoAnderson at 2014-06-09 21:29:48
Running from C:\Users\NeoAnderson\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.11.2 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0122.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.5.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3814.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3814.50 - CyberLink Corp.) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5A06C25A-366E-46CC-880E-3F904B634E9E}) (Version:  - Microsoft)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender 12.3.2.6814p) (Version: 15.2.13992 - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free FLV Converter V 7.0.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 2.1.8 - Ellora Assets Corporation)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{C263ED32-78DB-40EB-8B12-2925C8213E28}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lexmark X83 (HKLM-x32\...\Lexmark X83) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Restore Points  =========================

27-05-2014 13:07:19 Geplanter Prüfpunkt
30-05-2014 12:17:10 Windows Update
30-05-2014 12:55:00 RegClean Pro Fr, Mai 30, 14  14:54
30-05-2014 13:30:55 Removed Facebook Video Calling 2.0.0.447
03-06-2014 17:20:43 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {34C6F549-6802-4A44-8CEA-8D4F652F4AA2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-11-03] (Acer)
Task: {3810390C-D58B-4D0F-A0FB-9EC6D7AF302E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {5284C463-AB70-43B0-AB55-617681A90AF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-14] (Facebook Inc.)
Task: {54511C1E-0904-491B-9D32-0E5E28B0A943} - System32\Tasks\DSite => C:\Users\NEOAND~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {69272696-5099-4B5D-8EB3-2DEED7E0599D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6D11C304-0630-4AB9-AFE4-C3FE6A7B291A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7EE1E9D6-F3C4-4E42-AC29-AC20BB00436C} - System32\Tasks\DealPly => C:\Users\NEOAND~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {864080EB-0806-47A4-8FC5-2839C6AA45CD} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2014-02-13] (Microsoft Corporation)
Task: {A4D7801C-452F-4D18-9D2E-DBA03788463A} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-05-27] ()
Task: {B58DA383-0B57-4696-ADBC-0B21975C6102} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {BFC049D9-277D-4FC5-81EC-8F42C1B499E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CD1A26C1-73FE-4A0D-A513-06D7C04A9EC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-14] (Facebook Inc.)
Task: {DE459BA3-E27E-41DB-86F1-22A7BCC21F16} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\NEOAND~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core.job => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA.job => C:\Users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2010-05-31 12:58 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2001-05-22 11:37 - 2001-06-10 16:00 - 00053248 _____ () C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe
2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-31 12:56 - 2010-05-31 12:56 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-25 06:54 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-12 00:55 - 2014-05-12 00:56 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-16 01:16 - 2014-05-16 01:16 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 08:25:54 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/09/2014 08:19:39 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (06/09/2014 08:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/09/2014 06:11:19 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (06/09/2014 05:56:05 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (06/09/2014 05:49:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ACMonitor_X83.exe, Version: 1.0.0.1, Zeitstempel: 0x3bc77083
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xACMonitor_X83.exe0
Pfad der fehlerhaften Anwendung: ACMonitor_X83.exe1
Pfad des fehlerhaften Moduls: ACMonitor_X83.exe2
Berichtskennung: ACMonitor_X83.exe3

Error: (06/09/2014 05:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ACMonitor_X83.exe, Version: 1.0.0.1, Zeitstempel: 0x3bc77083
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xd584
Startzeit der fehlerhaften Anwendung: 0xACMonitor_X83.exe0
Pfad der fehlerhaften Anwendung: ACMonitor_X83.exe1
Pfad des fehlerhaften Moduls: ACMonitor_X83.exe2
Berichtskennung: ACMonitor_X83.exe3

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: NeoAnderson-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: NeoAnderson-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: NeoAnderson-PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil.

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


System errors:
=============
Error: (06/09/2014 05:48:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/09/2014 05:48:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Browser-Schutz erreicht.

Error: (06/09/2014 05:48:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde nicht richtig gestartet.

Error: (06/09/2014 05:48:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.

Error: (06/09/2014 05:45:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (06/09/2014 08:25:54 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/09/2014 08:19:39 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/09/2014 08:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/09/2014 06:11:19 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (06/09/2014 05:56:05 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (06/09/2014 05:49:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACMonitor_X83.exe1.0.0.13bc77083unknown0.0.0.000000000c00000050000000094801cf83fa4d66be3aC:\Program Files (x86)\LexmarkX83\ACMonitor_X83.exeunknown989abb49-efed-11e3-b2a0-00262dab4361

Error: (06/09/2014 05:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACMonitor_X83.exe1.0.0.13bc77083unknown0.0.0.000000000c000000500000000d58401cf83f99adb3ee2C:\Program Files (x86)\LexmarkX83\ACMonitor_X83.exeunknownde6a90d0-efec-11e3-9b26-2a7c8f011892

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: NeoAnderson-PC)
Description:

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: NeoAnderson-PC)
Description:

Error: (06/09/2014 05:42:34 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: NeoAnderson-PC)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3956.5 MB
Available physical RAM: 2021.55 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5535.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:284.81 GB) (Free:116.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: A634A634)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 10.06.2014 18:28
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



http://www.filepony.de/icon/panda_usb_vaccine.png Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.


Sticks anklemmen und nicht mehr abklemmen:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

NeoAnderson 10.06.2014 22:04
Danke schon mal für die schnelle Hilfe ;)
Adware wurde von mir deinstalliert, war nur eine Datei bzw. position (Ask Toolbar)
Reste gabs keine zum löschen!
Habe auch Panda USB Vaccine installiert und wie gewünsch meinen laptop geimpft.
Danach die USB-Sticks angeklemmt und mit combofix gescant...
Code:
ComboFix 14-06-10.01 - NeoAnderson 10.06.2014  22:34:03.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3956.2047 [GMT 2:00]
ausgeführt von:: c:\users\NeoAnderson\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-10 bis 2014-06-10  ))))))))))))))))))))))))))))))
.
.
2014-06-10 20:42 . 2014-06-10 20:42        --------        d-----w-        c:\users\Gäste Konto\AppData\Local\temp
2014-06-10 20:42 . 2014-06-10 20:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-10 20:17 . 2014-06-10 20:17        --------        d-----w-        c:\programdata\Panda Security
2014-06-10 20:17 . 2014-06-10 20:17        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-06-10 19:22 . 2014-06-10 19:22        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-06-10 13:02 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E141E1C9-7B19-4C95-BAC4-C73DEA01731B}\mpengine.dll
2014-06-09 19:28 . 2014-06-09 19:33        --------        d-----w-        C:\FRST
2014-06-03 17:54 . 2014-06-10 18:15        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-03 17:54 . 2014-06-03 17:54        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-03 17:54 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-06-03 17:54 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-06-03 17:54 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-05-30 13:21 . 2014-06-03 21:37        --------        d-----w-        C:\temp
2014-05-30 13:20 . 2014-06-03 21:41        --------        d-----w-        c:\program files\003
2014-05-30 12:47 . 2014-05-30 12:47        --------        d-----w-        c:\users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 12:47 . 2014-05-30 13:28        --------        d-----w-        c:\users\Gäste Konto\AppData\Roaming\systweak
2014-05-30 12:47 . 2014-05-30 13:05        --------        d-----w-        c:\program files (x86)\RegClean Pro
2014-05-30 12:44 . 2014-05-30 12:44        --------        d-----w-        c:\users\Gäste Konto\AppData\Local\Programs
2014-05-27 14:50 . 2014-05-27 14:50        --------        d-----w-        c:\programdata\Malwarebytes
2014-05-27 14:50 . 2014-05-27 14:50        --------        d-----w-        c:\users\NeoAnderson\AppData\Local\Programs
2014-05-21 17:17 . 2014-05-21 17:17        --------        d-----w-        c:\program files\Microsoft.NET
2014-05-15 16:38 . 2013-09-03 17:17        459672        --sha-w-        c:\users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdfczjzvgu.vbs
2014-05-15 15:51 . 2014-05-06 04:40        23544320        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-15 15:51 . 2014-05-06 03:00        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-05-15 15:51 . 2014-05-06 04:17        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-15 15:51 . 2014-05-06 03:07        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-15 15:36 . 2014-03-25 02:43        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-05-15 15:35 . 2014-05-09 06:14        477184        ----a-w-        c:\windows\system32\aepdu.dll
2014-05-15 15:35 . 2014-05-09 06:11        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-05-15 00:02 . 2014-05-15 00:02        --------        d-sh--w-        c:\users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 00:02 . 2014-05-15 00:02        --------        d-sh--w-        c:\users\Gäste Konto\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 12:14 . 2013-03-28 00:08        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-05-27 12:14 . 2013-03-28 00:08        112080        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-05-15 23:16 . 2012-04-03 16:52        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 23:16 . 2011-08-17 09:44        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 15:43 . 2011-10-19 20:21        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2011-08-22 17:05        270496        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-08 12:22        1728216        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-08 12:22        1728216        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-08 12:22        1728216        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"sdfczjzvgu"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Lexmark X83 Button Monitor"="c:\progra~2\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 40960]
"Lexmark X83 Button Manager"="c:\progra~2\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 53248]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sdfczjzvgu.vbs [2013-9-3 459672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/11/30 16:39;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/31 13:00];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - MBAMWebAccessControl
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:16]
.
2014-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core.job
- c:\users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-13 23:49]
.
2014-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA.job
- c:\users\NeoAnderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-13 23:49]
.
2014-06-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-05-27 16:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-08 12:18        2333400        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-08 12:18        2333400        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-08 12:18        2333400        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\NeoAnderson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.ftp - 195.103.219.106
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 195.103.219.106
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 195.103.219.106
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 195.103.219.106
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f666a52a0000000000002a7c8f011892
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15854
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-PokerStars.eu - c:\program files (x86)\PokerStars.EU\PokerStarsUninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-10  22:49:04
ComboFix-quarantined-files.txt  2014-06-10 20:49
.
Vor Suchlauf: 14 Verzeichnis(se), 124.927.799.296 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 127.244.906.496 Bytes frei
.
- - End Of File - - C3C17A503FDA466ACB9C2AE2F55A3B57
Ein Problem hab ich aber noch:

Habe meine 3 Sticks angeklemmt (habe auch nur 3 eingänge)
Ausserdem habe ich aber noch eine externe Festplatte die ich seit längerem nicht mehr angeschlossen habe. Jetzt weiss ich nicht ob diese auch befallen ist (hab mich nicht getraut diese an zu stecken)
Und selbst wenn hab ich ja nur 3 slots zum anstecken^^

schrauber 11.06.2014 20:12
Die scannen wir am Schluss :)


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

NeoAnderson 12.06.2014 16:19
Malewarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.06.2014
Suchlauf-Zeit: 16:15:44
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.12.06
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: NeoAnderson

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319883
Verstrichene Zeit: 15 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 23
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), ,[02941760631802341bd1b1f0a16348b8]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), ,[e5b12453cab18ea834b81e8356ae56aa]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[bed82d4a700b8aace705851cad572ad6]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), ,[3e58afc8106ba393c329831e6d97cb35]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en");), ,[9df9195e86f57cbaffed039e2cd8738d]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), ,[8016581f7b00112527c52d742fd557a9]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[eda9e097e497d66004e8920f53b15ea2]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "f666a52a0000000000002a7c8f011892");), ,[3066e493c8b3a591b9330c954cb8fc04]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15854");), ,[6e281e59d1aaf5410be1871a9b69926e]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), ,[742225521665af87ec008b1654b0a858]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), ,[593d9ed9710a999db7354d5454b0b749]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), ,[f6a03146c0bbc076fbf1eeb364a0a45c]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), ,[6d29492e760547efb735a9f8b54fa45c]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), ,[395dbeb92754fb3bbb314d548a7a6898]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), ,[e3b3f87f5d1ed264c329d2cf9d67c937]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), ,[3f573740d0ab69cdfcf0aef33ec603fd]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[bfd76512c6b582b4ffed356cef155ca4]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.21.5");), ,[583ec8af413a2313529a356c937158a8]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.21.521:45:58");), ,[f2a4591e611ac96d24c8d8c9a85c966a]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.21.5");), ,[7c1a82f5a7d4e65083699c057c8832ce]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), ,[9df9b7c03e3d9d996a82e2bfa36144bc]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_");), ,[9600492e186371c59953049dfe06f20e]
PUP.Optional.Delta.A, C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), ,[6531cea9a3d8b086ffed0d9473911ae6]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 12/06/2014 um 16:42:12
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : NeoAnderson - NEOANDERSON-PC
# Gestartet von : C:\Users\NeoAnderson\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Gäste Konto\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\NeoAnderson\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\invalidprefs.js
Datei Gelöscht : C:\Users\Gäste Konto\AppData\Roaming\Mozilla\Firefox\Profiles\wudqzseg.default\user.js
Datei Gelöscht : C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\d0d8dfe539ee10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Gäste Konto\AppData\Roaming\Mozilla\Firefox\Profiles\wudqzseg.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");

[ Datei : C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "f666a52a0000000000002a7c8f011892");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15854");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.521:45:58");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [8803 octets] - [12/06/2014 16:37:39]
AdwCleaner[S0].txt - [8266 octets] - [12/06/2014 16:42:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8326 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by NeoAnderson on 12.06.2014 at 16:51:41,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2651761445-4232749871-4208900344-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}



~~~ Files

Successfully deleted: [File] "C:\Users\NeoAnderson\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\NeoAnderson\music\qtrax media library"



~~~ FireFox

Emptied folder: C:\Users\NeoAnderson\AppData\Roaming\mozilla\firefox\profiles\dg0s8sd6.default\minidumps [84 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2014 at 17:00:22,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by NeoAnderson (administrator) on NEOANDERSON-PC on 12-06-2014 17:08:32
Running from C:\Users\NeoAnderson\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lexmark X83 Button Monitor] => C:\Program Files (x86)\LexmarkX83\ACMonitor_X83.exe [40960 2001-10-12] (Jetsoft Development Company)
HKLM-x32\...\Run: [Lexmark X83 Button Manager] => C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe [53248 2001-06-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\Run: [sdfczjzvgu] => wscript.exe //B "C:\Users\NEOAND~1\AppData\Local\Temp\sdfczjzvgu.vbs" <===== ATTENTION
Startup: C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdfczjzvgu.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {1E6927AA-AC2D-4B51-9EF3-2B50538423EB} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C7E8BFF5-1185-4C90-BA78-674FBFF66493} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CA4FE4C1-426C-4B1C-B33D-07E84A0CCDEA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
SearchScopes: HKCU - {E1A3DDAF-BCEC-474A-8717-B13FBCEF83DF} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E1C6CAEC-781F-4593-B449-BDC9173291B4} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE400DE401
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "195.103.219.106"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "195.103.219.106"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.local, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.103.219.106"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "195.103.219.106"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\NeoAnderson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Stealthy - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\stealthyextension@gmail.com.xpi [2012-06-22]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF Extension: Freemake Video Downloader Plugin - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2011-02-11] (CyberLink)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-04-01 18:22 - 2010-11-20 22:28 - 00000193 _____ () C:\Windows\X83_DS.ini
2099-02-24 15:15 - 2001-04-02 17:30 - 00000821 _____ () C:\Windows\Lexmark_ICM.ini
2099-02-16 17:09 - 2001-02-16 16:37 - 00000062 _____ () C:\Windows\SysWOW64\LXASUSCI.INI
2014-06-12 17:08 - 2014-06-12 17:08 - 00015496 _____ () C:\Users\NeoAnderson\Desktop\FRST.txt
2014-06-12 17:07 - 2014-06-12 17:07 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\FRST-OlderVersion
2014-06-12 17:00 - 2014-06-12 17:00 - 00001463 _____ () C:\Users\NeoAnderson\Desktop\JRT.txt
2014-06-12 16:51 - 2014-06-12 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 16:46 - 2014-06-12 16:46 - 00008410 _____ () C:\Users\NeoAnderson\Desktop\AdwCleaner[S0].txt
2014-06-12 16:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-12 16:37 - 2014-06-12 16:42 - 00000000 ____D () C:\AdwCleaner
2014-06-12 16:33 - 2014-06-12 16:33 - 00006211 _____ () C:\Users\NeoAnderson\Desktop\Malwarebytes.txt
2014-06-12 16:18 - 2014-06-12 16:18 - 01016261 _____ (Thisisu) C:\Users\NeoAnderson\Desktop\JRT.exe
2014-06-12 16:16 - 2014-06-12 16:16 - 01333465 _____ () C:\Users\NeoAnderson\Desktop\adwcleaner_3.212.exe
2014-06-10 22:49 - 2014-06-10 22:49 - 00022282 _____ () C:\ComboFix.txt
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 22:23 - 2014-06-10 22:49 - 00000000 ____D () C:\Qoobox
2014-06-10 22:23 - 2014-06-10 22:45 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 22:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 22:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 22:19 - 2014-06-10 22:20 - 05205915 ____R (Swearware) C:\Users\NeoAnderson\Desktop\ComboFix.exe
2014-06-10 22:17 - 2014-06-10 22:17 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-10 22:15 - 2014-06-10 22:15 - 00848856 _____ (Panda Security ) C:\Users\NeoAnderson\Downloads\USBVaccineSetup.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\NeoAnderson\Downloads\revosetup95.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 00001272 _____ () C:\Users\NeoAnderson\Desktop\Revo Uninstaller.lnk
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-09 21:29 - 2014-06-09 21:33 - 00038411 _____ () C:\Users\NeoAnderson\Downloads\Addition.txt
2014-06-09 21:28 - 2014-06-12 17:08 - 00000000 ____D () C:\FRST
2014-06-09 21:28 - 2014-06-09 21:33 - 00037407 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-09 21:27 - 2014-06-12 17:07 - 02081792 _____ (Farbar) C:\Users\NeoAnderson\Desktop\FRST64.exe
2014-06-03 19:54 - 2014-06-12 16:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 19:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 19:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 15:21 - 2014-06-03 23:37 - 00000000 ____D () C:\temp
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:49 - 2014-05-27 16:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-15 17:51 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:51 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:51 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:51 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 17:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 17:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 17:35 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 17:35 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 17:29 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 17:29 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 17:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 17:29 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 17:29 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 17:29 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 17:29 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-06-12 17:09 - 2014-06-12 17:08 - 00015496 _____ () C:\Users\NeoAnderson\Desktop\FRST.txt
2014-06-12 17:09 - 2010-10-09 18:33 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Temp
2014-06-12 17:08 - 2014-06-09 21:28 - 00000000 ____D () C:\FRST
2014-06-12 17:07 - 2014-06-12 17:07 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\FRST-OlderVersion
2014-06-12 17:07 - 2014-06-09 21:27 - 02081792 _____ (Farbar) C:\Users\NeoAnderson\Desktop\FRST64.exe
2014-06-12 17:05 - 2011-11-12 20:08 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-06-12 17:00 - 2014-06-12 17:00 - 00001463 _____ () C:\Users\NeoAnderson\Desktop\JRT.txt
2014-06-12 16:53 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 16:53 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 16:51 - 2014-06-12 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 16:46 - 2014-06-12 16:46 - 00008410 _____ () C:\Users\NeoAnderson\Desktop\AdwCleaner[S0].txt
2014-06-12 16:45 - 2010-11-20 20:57 - 00000020 _____ () C:\Windows\ACMonitor_X83.ini
2014-06-12 16:44 - 2010-03-25 06:39 - 00264020 _____ () C:\Windows\PFRO.log
2014-06-12 16:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 16:44 - 2009-07-14 06:51 - 00159876 _____ () C:\Windows\setupact.log
2014-06-12 16:43 - 2010-05-31 12:56 - 01914291 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 16:42 - 2014-06-12 16:37 - 00000000 ____D () C:\AdwCleaner
2014-06-12 16:33 - 2014-06-12 16:33 - 00006211 _____ () C:\Users\NeoAnderson\Desktop\Malwarebytes.txt
2014-06-12 16:18 - 2014-06-12 16:18 - 01016261 _____ (Thisisu) C:\Users\NeoAnderson\Desktop\JRT.exe
2014-06-12 16:16 - 2014-06-12 16:16 - 01333465 _____ () C:\Users\NeoAnderson\Desktop\adwcleaner_3.212.exe
2014-06-12 16:16 - 2012-04-03 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 16:14 - 2014-06-03 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 15:54 - 2013-03-14 01:49 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA.job
2014-06-11 18:42 - 2013-03-14 01:49 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core.job
2014-06-10 22:49 - 2014-06-10 22:49 - 00022282 _____ () C:\ComboFix.txt
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:23 - 00000000 ____D () C:\Qoobox
2014-06-10 22:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-10 22:45 - 2014-06-10 22:23 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 22:20 - 2014-06-10 22:19 - 05205915 ____R (Swearware) C:\Users\NeoAnderson\Desktop\ComboFix.exe
2014-06-10 22:17 - 2014-06-10 22:17 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-10 22:15 - 2014-06-10 22:15 - 00848856 _____ (Panda Security ) C:\Users\NeoAnderson\Downloads\USBVaccineSetup.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\NeoAnderson\Downloads\revosetup95.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 00001272 _____ () C:\Users\NeoAnderson\Desktop\Revo Uninstaller.lnk
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 02:18 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-09 21:33 - 2014-06-09 21:29 - 00038411 _____ () C:\Users\NeoAnderson\Downloads\Addition.txt
2014-06-09 21:33 - 2014-06-09 21:28 - 00037407 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-04 19:56 - 2011-04-17 19:00 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\Eigene Dateien
2014-06-03 23:41 - 2010-03-25 06:29 - 00000000 ____D () C:\Windows\oem
2014-06-03 23:37 - 2014-05-30 15:21 - 00000000 ____D () C:\temp
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 17:12 - 2012-11-18 23:43 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\Facebook
2014-05-30 15:29 - 2012-10-27 00:34 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 17:45 - 2010-05-31 22:42 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 17:45 - 2010-05-31 22:42 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 17:45 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:50 - 2014-05-27 16:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-27 14:14 - 2013-03-28 02:08 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 14:14 - 2013-03-28 02:08 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 17:59 - 2012-10-27 00:34 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\PokerStars.EU
2014-05-26 17:53 - 2012-02-18 22:28 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Roaming\vlc
2014-05-26 16:48 - 2011-09-01 23:11 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Apple Computer
2014-05-26 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-23 16:24 - 2010-10-09 18:33 - 00113512 _____ () C:\Users\NeoAnderson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:41 - 2011-09-04 17:16 - 00113512 _____ () C:\Users\Gäste Konto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:40 - 2009-07-14 06:45 - 00447248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-21 19:27 - 2010-03-25 06:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-21 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-21 19:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-21 19:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 20:22 - 2013-02-18 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:33 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 18:33 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:20 - 2014-05-08 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-17 18:18 - 2013-02-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-16 01:16 - 2012-04-03 18:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 01:16 - 2012-04-03 18:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 01:16 - 2011-08-17 11:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 18:58 - 2012-05-05 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 17:46 - 2013-08-15 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 17:43 - 2011-10-19 22:21 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList
2014-05-13 15:36 - 2011-09-20 20:51 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-05-13 15:32 - 2010-10-09 18:33 - 00000000 ____D () C:\Users\NeoAnderson

Some content of TEMP:
====================
C:\Users\NeoAnderson\AppData\Local\Temp\avgnt.exe
C:\Users\NeoAnderson\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 18:10

==================== End Of Log ============================
--- --- ---

Die Sticks währenddessen angeklemmt lassen oder?
Malewarebytes hatte ich mir schon davor runter geladen...bevor ich mich an euch gewendet hab ;) Somit hab ich davor schon mal ungewünschte maleware in die Quarantäne geschoben und danach gelöscht. Nur zur info :)

schrauber 13.06.2014 12:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

NeoAnderson 13.06.2014 15:46
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=951b29c9e60452468583019bb6c614f8
# engine=18702
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-13 12:17:30
# local_time=2014-06-13 02:17:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 1450 147214028 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 256478 154291700 0 0
# scanned=552
# found=7
# cleaned=0
# scan_time=81
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=2E1B7C43065B37D868D13C78AFC08B6955BE63AD ft=1 fh=d8370df7613a73e4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=951b29c9e60452468583019bb6c614f8
# engine=18702
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-13 02:09:15
# local_time=2014-06-13 04:09:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 8155 147220733 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6728 154298405 0 0
# scanned=223028
# found=19
# cleaned=0
# scan_time=6564
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=2E1B7C43065B37D868D13C78AFC08B6955BE63AD ft=1 fh=d8370df7613a73e4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\NeoAnderson\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoConverter\VideoConverter.exe"
sh=D8803441D6E7E4B9E9D45F3D18704C7146D0F7D0 ft=1 fh=1ad7eb70998b70d6 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\NeoAnderson\Downloads\FreeAudioCDToMP3Converter.exe"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NeoAnderson\Downloads\FreeYouTubetoMP3Converter(1).exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NeoAnderson\Downloads\FreeYouTubeToMP3Converter(2).exe"
sh=BEB2872C5EE9890C656B293C5EFBAD0220B4E538 ft=1 fh=3852d8d68dbe73c3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NeoAnderson\Downloads\FreeYouTubeToMP3Converter.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[2].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[2].0"
Security Check hat nicht funktioniert. Hab folgende Fehlermeldung erhalten:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by NeoAnderson (administrator) on NEOANDERSON-PC on 13-06-2014 16:36:00
Running from C:\Users\NeoAnderson\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [95414520 2014-06-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lexmark X83 Button Monitor] => C:\Program Files (x86)\LexmarkX83\ACMonitor_X83.exe [40960 2001-10-12] (Jetsoft Development Company)
HKLM-x32\...\Run: [Lexmark X83 Button Manager] => C:\Program Files (x86)\LexmarkX83\AcBtnMgr_X83.exe [53248 2001-06-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2651761445-4232749871-4208900344-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-16] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {1E6927AA-AC2D-4B51-9EF3-2B50538423EB} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C7E8BFF5-1185-4C90-BA78-674FBFF66493} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {CA4FE4C1-426C-4B1C-B33D-07E84A0CCDEA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=244506&p={searchTerms}
SearchScopes: HKCU - {E1A3DDAF-BCEC-474A-8717-B13FBCEF83DF} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E1C6CAEC-781F-4593-B449-BDC9173291B4} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F5F8E4F7-23A1-4430-99E6-9C6CDD2A8E67} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE400DE401
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "195.103.219.106"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "195.103.219.106"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "*.local, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.103.219.106"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "195.103.219.106"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\NeoAnderson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Stealthy - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\stealthyextension@gmail.com.xpi [2012-06-22]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\NeoAnderson\AppData\Roaming\Mozilla\Firefox\Profiles\dg0s8sd6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF Extension: Freemake Video Downloader Plugin - C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2011-02-11] (CyberLink)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2099-04-01 18:22 - 2010-11-20 22:28 - 00000193 _____ () C:\Windows\X83_DS.ini
2099-02-24 15:15 - 2001-04-02 17:30 - 00000821 _____ () C:\Windows\Lexmark_ICM.ini
2099-02-16 17:09 - 2001-02-16 16:37 - 00000062 _____ () C:\Windows\SysWOW64\LXASUSCI.INI
2014-06-13 16:23 - 2014-06-13 16:23 - 00854367 _____ () C:\Users\NeoAnderson\Downloads\SecurityCheck.exe
2014-06-13 14:06 - 2014-06-13 14:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-13 13:58 - 2014-06-13 13:59 - 02347384 _____ (ESET) C:\Users\NeoAnderson\Desktop\esetsmartinstaller_deu.exe
2014-06-12 17:11 - 2014-06-12 17:11 - 00036922 _____ () C:\Users\NeoAnderson\Desktop\FRST1.txt
2014-06-12 17:08 - 2014-06-13 16:36 - 00015375 _____ () C:\Users\NeoAnderson\Desktop\FRST.txt
2014-06-12 17:07 - 2014-06-12 17:07 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\FRST-OlderVersion
2014-06-12 17:00 - 2014-06-12 17:00 - 00001463 _____ () C:\Users\NeoAnderson\Desktop\JRT.txt
2014-06-12 16:51 - 2014-06-12 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 16:46 - 2014-06-12 16:46 - 00008410 _____ () C:\Users\NeoAnderson\Desktop\AdwCleaner[S0].txt
2014-06-12 16:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-12 16:37 - 2014-06-12 16:42 - 00000000 ____D () C:\AdwCleaner
2014-06-12 16:33 - 2014-06-12 16:33 - 00006211 _____ () C:\Users\NeoAnderson\Desktop\Malwarebytes.txt
2014-06-12 16:18 - 2014-06-12 16:18 - 01016261 _____ (Thisisu) C:\Users\NeoAnderson\Desktop\JRT.exe
2014-06-12 16:16 - 2014-06-12 16:16 - 01333465 _____ () C:\Users\NeoAnderson\Desktop\adwcleaner_3.212.exe
2014-06-10 22:49 - 2014-06-10 22:49 - 00022282 _____ () C:\ComboFix.txt
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 22:23 - 2014-06-10 22:49 - 00000000 ____D () C:\Qoobox
2014-06-10 22:23 - 2014-06-10 22:45 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 22:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 22:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 22:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 22:19 - 2014-06-10 22:20 - 05205915 ____R (Swearware) C:\Users\NeoAnderson\Desktop\ComboFix.exe
2014-06-10 22:17 - 2014-06-10 22:17 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-10 22:15 - 2014-06-10 22:15 - 00848856 _____ (Panda Security ) C:\Users\NeoAnderson\Downloads\USBVaccineSetup.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\NeoAnderson\Downloads\revosetup95.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 00001272 _____ () C:\Users\NeoAnderson\Desktop\Revo Uninstaller.lnk
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-09 21:29 - 2014-06-09 21:33 - 00038411 _____ () C:\Users\NeoAnderson\Downloads\Addition.txt
2014-06-09 21:28 - 2014-06-13 16:36 - 00000000 ____D () C:\FRST
2014-06-09 21:28 - 2014-06-09 21:33 - 00037407 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-09 21:27 - 2014-06-12 17:07 - 02081792 _____ (Farbar) C:\Users\NeoAnderson\Desktop\FRST64.exe
2014-06-03 19:54 - 2014-06-12 16:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 19:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 19:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 15:21 - 2014-06-03 23:37 - 00000000 ____D () C:\temp
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:49 - 2014-05-27 16:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-15 17:51 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 17:51 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:51 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:51 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 17:51 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 17:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 17:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 17:35 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 17:35 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 17:29 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 17:29 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 17:29 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 17:29 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 17:29 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 17:29 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 17:29 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 17:29 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 17:29 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 17:29 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 17:29 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 17:29 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

2014-06-13 16:36 - 2014-06-12 17:08 - 00015375 _____ () C:\Users\NeoAnderson\Desktop\FRST.txt
2014-06-13 16:36 - 2014-06-09 21:28 - 00000000 ____D () C:\FRST
2014-06-13 16:36 - 2010-10-09 18:33 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Temp
2014-06-13 16:23 - 2014-06-13 16:23 - 00854367 _____ () C:\Users\NeoAnderson\Downloads\SecurityCheck.exe
2014-06-13 16:16 - 2012-04-03 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 16:05 - 2011-11-12 20:08 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-06-13 15:57 - 2013-03-14 01:49 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000UA.job
2014-06-13 15:38 - 2010-05-31 12:56 - 01087851 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 14:16 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 14:10 - 2013-08-15 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 14:10 - 2011-10-19 22:21 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 14:09 - 2013-02-27 19:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-13 14:09 - 2010-03-25 06:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 14:06 - 2014-06-13 14:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-13 13:59 - 2014-06-13 13:58 - 02347384 _____ (ESET) C:\Users\NeoAnderson\Desktop\esetsmartinstaller_deu.exe
2014-06-13 13:51 - 2013-03-14 01:49 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2651761445-4232749871-4208900344-1000Core.job
2014-06-12 17:11 - 2014-06-12 17:11 - 00036922 _____ () C:\Users\NeoAnderson\Desktop\FRST1.txt
2014-06-12 17:07 - 2014-06-12 17:07 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\FRST-OlderVersion
2014-06-12 17:07 - 2014-06-09 21:27 - 02081792 _____ (Farbar) C:\Users\NeoAnderson\Desktop\FRST64.exe
2014-06-12 17:00 - 2014-06-12 17:00 - 00001463 _____ () C:\Users\NeoAnderson\Desktop\JRT.txt
2014-06-12 16:53 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 16:53 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 16:51 - 2014-06-12 16:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 16:46 - 2014-06-12 16:46 - 00008410 _____ () C:\Users\NeoAnderson\Desktop\AdwCleaner[S0].txt
2014-06-12 16:45 - 2010-11-20 20:57 - 00000020 _____ () C:\Windows\ACMonitor_X83.ini
2014-06-12 16:44 - 2010-03-25 06:39 - 00264020 _____ () C:\Windows\PFRO.log
2014-06-12 16:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 16:44 - 2009-07-14 06:51 - 00159876 _____ () C:\Windows\setupact.log
2014-06-12 16:42 - 2014-06-12 16:37 - 00000000 ____D () C:\AdwCleaner
2014-06-12 16:33 - 2014-06-12 16:33 - 00006211 _____ () C:\Users\NeoAnderson\Desktop\Malwarebytes.txt
2014-06-12 16:18 - 2014-06-12 16:18 - 01016261 _____ (Thisisu) C:\Users\NeoAnderson\Desktop\JRT.exe
2014-06-12 16:16 - 2014-06-12 16:16 - 01333465 _____ () C:\Users\NeoAnderson\Desktop\adwcleaner_3.212.exe
2014-06-12 16:14 - 2014-06-03 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:49 - 2014-06-10 22:49 - 00022282 _____ () C:\ComboFix.txt
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 22:49 - 2014-06-10 22:23 - 00000000 ____D () C:\Qoobox
2014-06-10 22:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-10 22:45 - 2014-06-10 22:23 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 22:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 22:20 - 2014-06-10 22:19 - 05205915 ____R (Swearware) C:\Users\NeoAnderson\Desktop\ComboFix.exe
2014-06-10 22:17 - 2014-06-10 22:17 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-10 22:15 - 2014-06-10 22:15 - 00848856 _____ (Panda Security ) C:\Users\NeoAnderson\Downloads\USBVaccineSetup.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\NeoAnderson\Downloads\revosetup95.exe
2014-06-10 21:22 - 2014-06-10 21:22 - 00001272 _____ () C:\Users\NeoAnderson\Desktop\Revo Uninstaller.lnk
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 02:18 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-09 21:33 - 2014-06-09 21:29 - 00038411 _____ () C:\Users\NeoAnderson\Downloads\Addition.txt
2014-06-09 21:33 - 2014-06-09 21:28 - 00037407 _____ () C:\Users\NeoAnderson\Downloads\FRST.txt
2014-06-04 19:56 - 2011-04-17 19:00 - 00000000 ____D () C:\Users\NeoAnderson\Desktop\Eigene Dateien
2014-06-03 23:41 - 2010-03-25 06:29 - 00000000 ____D () C:\Windows\oem
2014-06-03 23:37 - 2014-05-30 15:21 - 00000000 ____D () C:\temp
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 19:54 - 2014-06-03 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 17:12 - 2012-11-18 23:43 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Local\Facebook
2014-05-30 15:29 - 2012-10-27 00:34 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-05-30 14:47 - 2014-05-30 14:47 - 00000000 ____D () C:\Users\Gäste Konto\AppData\Roaming\rightbackup
2014-05-30 14:44 - 2014-05-30 14:44 - 05071792 _____ (Systweak Inc ) C:\Users\Gäste Konto\Downloads\rcp_dcomnew_sec_300.exe
2014-05-27 17:45 - 2010-05-31 22:42 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 17:45 - 2010-05-31 22:42 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 17:45 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 16:50 - 2014-05-27 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 16:50 - 2014-05-27 16:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NeoAnderson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-27 14:14 - 2013-03-28 02:08 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 14:14 - 2013-03-28 02:08 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-26 17:59 - 2012-10-27 00:34 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\PokerStars.EU
2014-05-26 17:53 - 2012-02-18 22:28 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Roaming\vlc
2014-05-26 16:48 - 2011-09-01 23:11 - 00000000 ____D () C:\Users\NeoAnderson\AppData\Local\Apple Computer
2014-05-26 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-23 16:24 - 2010-10-09 18:33 - 00113512 _____ () C:\Users\NeoAnderson\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:41 - 2011-09-04 17:16 - 00113512 _____ () C:\Users\Gäste Konto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 15:40 - 2009-07-14 06:45 - 00447248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-21 19:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-21 19:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-21 19:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-18 20:22 - 2013-02-18 16:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 20:11 - 2011-09-04 17:16 - 00000000 ___RD () C:\Users\Gäste Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:33 - 2010-10-09 18:33 - 00000000 ___RD () C:\Users\NeoAnderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 18:20 - 2014-05-08 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 01:16 - 2012-04-03 18:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 01:16 - 2012-04-03 18:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 01:16 - 2011-08-17 11:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 18:58 - 2012-05-05 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieUserList
2014-05-15 02:02 - 2014-05-15 02:02 - 00000000 __SHD () C:\Users\Gäste Konto\AppData\Local\EmieSiteList

Some content of TEMP:
====================
C:\Users\NeoAnderson\AppData\Local\Temp\avgnt.exe
C:\Users\NeoAnderson\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 18:10

==================== End Of Log ============================
--- --- ---

Keine Probleme mehr mit den USB-Sticks. Vielen Dank für die schnelle Hilfe!!! :)
Was mach ich jetzt mit den installierten Programmen, wie zb. Panda USB Vaccine?! Welche kann ich löschen, und welche sind weiterhin nützlich? ;)

Und was mach ich jetzt mit meiner externen festplatte? Weiss ja nicht ob die auch befallen war bzw. ist! Mit welchem programm soll ich diese scannen?

schrauber 14.06.2014 15:12
Panda behalten, Externe mit MBAM scannen.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

NeoAnderson 14.06.2014 17:25
Habe Externe mit MBAM gescannt und nix gefunden. Dateien werden auch ordnungsgemäß angezeigt :daumenhoc
Revo Uninstaller und Eset Online Scanner sind übrig geblieben. Denke beides löschen oder ;)

Ansonsten vielen herzlichen dank für die schnelle, kompetente und leicht verständliche Hilfe :)
Den Thread kannst du löschen, habe ansonsten keine Fragen mehr :dankeschoen:

schrauber 15.06.2014 06:21
Ja kanste löschen.


Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19