
Pests of all kinds and how to combat them: ad.adserverplus.. keeps appearing; Windows 7; Avira reports nothing

11.09.2013, 20:28   #1
ks18
 
When I open web pages, ad.adserverplus... appears, saying that spyware has been detected on the system. However, Avira does not show me any virus or threats. I have set up the configuration correctly.
My laptop also sometimes freezes, so that I cannot even open the Task Manager.
Operating system: Windows 7

I would appreciate quick help, as I need it for work.



12.09.2013, 05:17   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


14.09.2013, 23:48   #3
ks18
 

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04
Ran by Kathy (administrator) on KATHY-PC on 15-09-2013 00:09:48
Running from C:\Users\Kathy\Documents\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Global Registration] - C:\Program Files (x86)\Packard Bell\Registration\GREG.exe [2844704 2009-07-31] (Acer Incorporated)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-28] (Google Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\Steam.exe [1597864 2013-02-19] (Valve Corporation)
HKCU\...\Run: [SSync] - C:\Users\Kathy\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [DataMgr] - C:\Users\Kathy\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKCU\...\Run: [SCheck] - C:\Users\Kathy\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Kathy\AppData\Roaming\Snz\Snz.exe [1137764 2013-08-28] ()
HKCU\...\Run: [Intermediate] - C:\Users\Kathy\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\Kathy\AppData\Local\omesuperv.exe [2218359 2013-08-28] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {1d9ce0cd-6a91-11e1-b34c-00269e6ce75b} - E:\Startme.exe
MountPoints2: {83d8c54a-fe03-11de-857e-00269e6ce75b} - E:\pushinst.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-31] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [111928 2010-06-07] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-22] ()
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll  [21504 2013-07-24] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll  [17408 2013-07-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_mh36&r=273612095016l0353z175f48018350
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_mh36&r=273612095016l0353z175f48018350
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} -  No File
URLSearchHook: (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=542&systemid=406&v=n8483-66&apn_uid=8342170431554758&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=542&systemid=406&v=n8483-66&apn_uid=8342170431554758&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=542&systemid=406&v=n8483-66&apn_uid=8342170431554758&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {b41306c6-96d0-442a-bcc4-b0f621e82ce9} URL = hxxp://www.fissa.com/de/results/?s=b&c=1005274777&suid=Eh5USxRx8&d=3&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Kathy\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
BHO-x32: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU -  No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU -  No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR DefaultSearchURL: (Search the web) - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
CHR DefaultSuggestURL: (Search the web) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Movies Toolbar) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\21.56092_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (PiccShare) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\docfnddcclkgokdfpnmngpiliiachclb\2.0_0
CHR Extension: (OfferMosquito) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.6.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Kathy\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3179520 2013-07-24] (Bandoo Media Inc.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-06] (Acer Incorporated)
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-09-11] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-09-11] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-02] (Avira Operations GmbH & Co. KG)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 s916bus; C:\Windows\System32\DRIVERS\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 23:52 - 2013-09-14 23:52 - 00000000 ____D C:\FRST
2013-09-11 21:15 - 2013-09-11 20:58 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-09-11 21:15 - 2013-09-11 20:58 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-09-11 20:49 - 2013-09-11 20:49 - 02092776 _____ C:\Users\Kathy\Documents\avira_internet_security.exe
2013-09-10 16:15 - 2013-09-14 23:32 - 00000280 _____ C:\Windows\setupact.log
2013-09-10 16:15 - 2013-09-10 16:15 - 00000000 _____ C:\Windows\setuperr.log
2013-09-10 16:14 - 2013-09-11 21:36 - 00117692 _____ C:\Windows\PFRO.log
2013-09-02 14:38 - 2013-09-02 14:37 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-02 12:32 - 2013-09-02 12:32 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Avira
2013-09-02 12:24 - 2013-09-02 12:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-02 12:24 - 2013-09-02 12:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-02 12:23 - 2013-09-02 12:23 - 00000000 ____D C:\ProgramData\APN
2013-09-02 12:22 - 2013-09-11 21:15 - 00002082 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-02 12:21 - 2013-09-11 21:16 - 00000000 ____D C:\ProgramData\Avira
2013-09-02 12:21 - 2013-09-02 14:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-02 12:21 - 2013-09-02 14:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 12:21 - 2013-09-02 12:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-02 12:21 - 2013-09-02 12:21 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-02 11:27 - 2013-09-02 11:27 - 00003304 ____N C:\bootsqm.dat
2013-09-02 02:21 - 2013-09-02 02:21 - 00004026 _____ C:\Windows\System32\Tasks\LaunchApp
2013-09-02 02:20 - 2013-09-02 02:20 - 00000000 ____D C:\Users\Kathy\SyncFolder
2013-09-02 01:47 - 2013-09-02 15:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-02 01:44 - 2013-09-02 15:26 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Systweak
2013-09-02 01:44 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-09-02 01:19 - 2013-09-02 01:20 - 00000000 ____D C:\Users\Kathy\Documents\Neuer Ordner
2013-09-01 22:39 - 2013-09-01 22:39 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Snz
2013-08-28 20:47 - 2013-08-28 20:47 - 02218359 _____ C:\Users\Kathy\AppData\Local\omesuperv.exe
2013-08-25 02:26 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-25 02:26 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-25 02:26 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-25 02:26 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-25 02:26 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-25 02:26 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-25 02:26 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-25 02:26 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-25 02:26 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-25 02:26 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-25 02:26 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-25 02:26 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-25 02:26 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-25 02:26 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-25 02:25 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-25 02:25 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-25 02:25 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-25 02:11 - 2013-08-25 02:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 23:09 - 2013-08-16 23:50 - 00000000 ____D C:\Users\Kathy\Desktop\schatz mukke
2013-08-16 18:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-16 18:43 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-16 18:43 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-16 18:43 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-16 18:43 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-16 18:43 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-16 18:43 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-16 18:43 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-16 18:43 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-16 18:43 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-16 18:43 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-16 18:12 - 2013-08-16 23:25 - 00000000 ____D C:\Users\Kathy\Desktop\mp3
2013-08-16 17:41 - 2013-08-16 17:41 - 00000000 ____D C:\Users\Kathy\Desktop\Weiße Zähne  Hausmittel für ein strahlendes Lächeln!   frauen blog_files
2013-08-16 17:09 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 17:09 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 17:08 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 17:08 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 17:08 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 17:08 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 17:08 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 17:08 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 17:08 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 17:08 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 17:08 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 17:08 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 17:06 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 17:06 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 17:06 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 17:06 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-15 00:13 - 2013-08-06 15:08 - 00000000 ____D C:\ProgramData\Datamngr
2013-09-15 00:12 - 2009-10-23 15:33 - 01654597 _____ C:\Windows\WindowsUpdate.log
2013-09-15 00:09 - 2010-02-09 17:14 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 23:52 - 2013-09-14 23:52 - 00000000 ____D C:\FRST
2013-09-14 23:52 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 23:52 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 23:33 - 2013-08-07 00:44 - 00000000 ____D C:\Users\Kathy\AppData\Local\Sidebar7
2013-09-14 23:32 - 2013-09-10 16:15 - 00000280 _____ C:\Windows\setupact.log
2013-09-14 23:32 - 2010-02-09 17:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 23:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 21:36 - 2013-09-10 16:14 - 00117692 _____ C:\Windows\PFRO.log
2013-09-11 21:16 - 2013-09-02 12:21 - 00000000 ____D C:\ProgramData\Avira
2013-09-11 21:15 - 2013-09-02 12:22 - 00002082 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-11 20:58 - 2013-09-11 21:15 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-09-11 20:58 - 2013-09-11 21:15 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-09-11 20:49 - 2013-09-11 20:49 - 02092776 _____ C:\Users\Kathy\Documents\avira_internet_security.exe
2013-09-11 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-10 16:16 - 2010-01-01 16:52 - 02431488 ___SH C:\Users\Kathy\Desktop\Thumbs.db
2013-09-10 16:15 - 2013-09-10 16:15 - 00000000 _____ C:\Windows\setuperr.log
2013-09-02 15:31 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-09-02 15:26 - 2013-09-02 01:44 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Systweak
2013-09-02 15:20 - 2009-12-23 13:39 - 00001437 _____ C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-02 15:17 - 2013-09-02 01:47 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-02 15:12 - 2009-12-23 13:39 - 00000000 ___RD C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-02 15:10 - 2009-08-18 09:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-02 14:37 - 2013-09-02 14:38 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-02 14:37 - 2013-09-02 12:21 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-02 14:37 - 2013-09-02 12:21 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 12:32 - 2013-09-02 12:32 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Avira
2013-09-02 12:24 - 2013-09-02 12:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-02 12:24 - 2013-09-02 12:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-02 12:23 - 2013-09-02 12:23 - 00000000 ____D C:\ProgramData\APN
2013-09-02 12:21 - 2013-09-02 12:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-02 12:21 - 2013-09-02 12:21 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-02 11:43 - 2010-05-27 17:31 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\OfferBox
2013-09-02 11:27 - 2013-09-02 11:27 - 00003304 ____N C:\bootsqm.dat
2013-09-02 04:27 - 2010-12-27 16:03 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Samsung
2013-09-02 04:27 - 2010-12-27 16:02 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-02 04:26 - 2010-12-27 16:03 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-09-02 02:21 - 2013-09-02 02:21 - 00004026 _____ C:\Windows\System32\Tasks\LaunchApp
2013-09-02 02:20 - 2013-09-02 02:20 - 00000000 ____D C:\Users\Kathy\SyncFolder
2013-09-02 02:20 - 2009-12-23 13:37 - 00000000 ____D C:\Users\Kathy
2013-09-02 01:20 - 2013-09-02 01:19 - 00000000 ____D C:\Users\Kathy\Documents\Neuer Ordner
2013-09-01 22:39 - 2013-09-01 22:39 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Snz
2013-09-01 22:39 - 2013-08-07 00:44 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Intermediate
2013-08-28 20:47 - 2013-08-28 20:47 - 02218359 _____ C:\Users\Kathy\AppData\Local\omesuperv.exe
2013-08-25 02:21 - 2009-10-24 01:25 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-25 02:21 - 2009-10-24 01:25 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-25 02:21 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 02:16 - 2013-08-25 02:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-25 02:10 - 2009-12-23 14:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-25 02:01 - 2013-04-28 10:51 - 00000000 ____D C:\Users\Kathy\Documents\Ausbildung
2013-08-25 01:20 - 2013-03-16 16:47 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\HpUpdate
2013-08-22 18:36 - 2013-09-02 01:44 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-16 23:50 - 2013-08-16 23:09 - 00000000 ____D C:\Users\Kathy\Desktop\schatz mukke
2013-08-16 23:25 - 2013-08-16 18:12 - 00000000 ____D C:\Users\Kathy\Desktop\mp3
2013-08-16 17:41 - 2013-08-16 17:41 - 00000000 ____D C:\Users\Kathy\Desktop\Weiße Zähne  Hausmittel für ein strahlendes Lächeln!   frauen blog_files

Some content of TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kathy\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-12 23:58

==================== End Of Log ============================
         
[/CODE]

[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2013 04
Ran by Kathy at 2013-09-15 00:15:40
Running from C:\Users\Kathy\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1)
Adobe Reader 9.1 MUI (x32 Version: 9.1.0)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Internet Security (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Bing Bar (x32 Version: 7.1.355.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.12)
Choice Guard (x32 Version: 1.2.87.0)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Drop (x32)
DVDVideoSoftTB Toolbar (x32 Version: )
eBay Worldwide (x32 Version: 2.1.0703)
Electronic Arts Product Registration (x32 Version: 1.01.0000)
Fissa (x32 Version: 1.0)
Five21s (x32)
Free YouTube to MP3 Converter version 3.9.38.517 (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet 4620 series Hilfe (x32 Version: 6.0.0)
HP Update (x32 Version: 5.003.003.001)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Identity Card (x32 Version: 1.00.3001)
ImagXpress (x32 Version: 7.0.74.0)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Junk Mail filter update (x32 Version: 14.0.8064.206)
Just Aces (x32)
Krazy 8's (x32)
Launch Manager (x32 Version: 3.0.00)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
Max 11 (x32)
Merriam Websters Spell Jam (x32)
Metaboli (x32 Version: 1.00.0006)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office XP Professional mit FrontPage (x32 Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Moovida (x32 Version: 1.00.0000)
Moovida (x32 Version: 2.0.9)
Movies Toolbar for Chrome (Dist. by Bandoo Media, Inc.) (x32 Version: 1.5.0.0)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (x32 Version: 1.5.0.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MVP Word Search (x32)
Nero 7 Premium (x32 Version: 7.03.1151)
neroxml (x32 Version: 1.0.0)
Next 2 (x32)
Packard Bell GameZone Console (x32 Version: 5.1.2.3)
Packard Bell InfoCentre (x32 Version: 3.02.3000)
Packard Bell Power Management (x32 Version: 4.05.3002)
Packard Bell Recovery Management (x32 Version: 4.05.3003)
Packard Bell Registration (x32 Version: 1.02.3004)
Packard Bell ScreenSaver (x32 Version: 1.1.0730)
Packard Bell Updater (x32 Version: 1.01.3014)
Paint.NET v3.5.8 (Version: 3.58.0)
PC Connectivity Solution (x32 Version: 8.15.0.0)
PhotoScape (x32)
PiccShare (HKCU Version: 2.0)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5859)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30094)
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1)
Sliding Coins (x32)
softonic-de3 Toolbar (x32 Version: 5.7.1.1)
Star Defender 4 (x32)
Steam(TM) (x32 Version: 1.0.0.0)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (Version: 28.0.1315.0)
SweetIM for Messenger 3.2 (x32 Version: 3.2.0004)
SweetIM Toolbar for Internet Explorer 3.9 (x32 Version: 3.9.0007)
Synaptics Pointing Device Driver (Version: 13.1.3.0)
Tai Match (x32)
Tri Peaks (x32)
Tri Rummy (x32)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Virtual DJ - Atomix Productions (x32)
Welcome Center (x32 Version: 1.00.3005)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8064.0206)
Windows Live Essentials (x32 Version: 14.0.8064.206)
Windows Live Fotogalerie (x32 Version: 14.0.8064.206)
Windows Live Mail (x32 Version: 14.0.8064.0206)
Windows Live Messenger (x32 Version: 14.0.8064.0206)
Windows Live Sync (x32 Version: 14.0.8064.206)
Windows Live Writer (x32 Version: 14.0.8064.0206)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Yahoo! Toolbar (x32)

==================== Restore Points =========================

16-08-2013 22:15:48 Windows-Sicherung
24-08-2013 23:21:08 Windows Update
25-08-2013 00:02:44 Windows-Sicherung
01-09-2013 20:48:31 Windows-Sicherung
01-09-2013 21:35:20 Windows Update
01-09-2013 23:58:05 RegClean Pro Mo, Sep 02, 13 01:57
02-09-2013 02:24:25 Entfernt Samsung New PC Studio
02-09-2013 13:03:44 Konfiguriert PowerDVD
10-09-2013 14:25:24 Windows-Sicherung
11-09-2013 18:06:23 Windows Update
11-09-2013 18:55:28 Windows-Sicherung
11-09-2013 21:14:34 Windows-Sicherung
14-09-2013 22:06:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0B6102D7-AB94-4F15-8456-16D2D619AA63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1025F5A2-1F1A-4C76-8398-AEDD10380FEC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {261F53D0-11F2-494B-8710-B098356C9231} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {2727E306-3A7D-4F3A-8EFF-33DB4627D2B1} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {52383D58-B31D-4727-A6B3-C0A909C1056F} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {7D886A13-D43A-49F2-A446-15681EC38493} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {AC20D6C7-8427-44C0-A38D-7410F9380CDC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {B2045DC7-0327-4C11-BA05-6549E5DB2507} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09] (Google Inc.)
Task: {B667B9B4-D5CB-4B53-A50F-D32F110ACC4C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B811FC6B-8E02-48C7-AF06-6923FB8377FE} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {BBD2C93A-BA92-4130-ACA1-A014D3373E4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09] (Google Inc.)
Task: {DD02AED1-E887-4601-B736-658559068691} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {FFB8AD4B-BCD3-4D8D-B1C3-5D24366397F9} - System32\Tasks\{30917DA7-3E0B-4936-B253-AFD204E479E9} => Chrome.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/abandoninstall?source=lightinstaller&page=tsMain
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-20 22:59 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Dwm.exe
2011-05-21 23:24 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE
2013-08-06 15:08 - 2013-07-24 13:48 - 00644096 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
2009-08-18 10:49 - 2009-06-04 12:43 - 01815848 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2009-08-18 10:49 - 2009-06-04 12:43 - 00395048 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2009-08-18 10:49 - 2009-06-04 12:43 - 00202536 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2009-08-18 10:03 - 2009-05-22 18:20 - 07833120 _____ (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2009-08-18 10:03 - 2009-05-22 18:21 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2009-08-19 08:13 - 2009-08-18 13:52 - 00165912 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2009-08-19 08:13 - 2009-07-28 09:09 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2009-08-19 08:13 - 2009-08-18 13:51 - 00387608 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2009-08-18 10:49 - 2009-06-04 12:43 - 00119592 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2009-08-19 08:13 - 2009-08-18 13:52 - 00491032 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2009-08-19 08:13 - 2009-08-18 13:52 - 00365592 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2008-01-22 12:13 - 2008-01-22 12:13 - 00152872 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
2009-08-19 08:13 - 2009-08-18 13:52 - 00215576 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2013-08-20 18:01 - 2013-08-20 18:01 - 00407552 _____ (Helmut Buhler) C:\Users\Kathy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2011-10-27 19:55 - 2010-11-20 15:26 - 01668608 _____ (Microsoft Corporation) C:\Windows\eHome\EhUIHlp.dll
2009-07-14 02:24 - 2009-07-14 03:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\eHome\ehSidebarRes.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00111928 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
2013-07-26 22:30 - 2013-07-26 22:30 - 01558480 _____ (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
2009-07-14 01:47 - 2009-07-14 03:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
2008-01-22 12:13 - 2008-01-22 12:13 - 01201448 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
2009-07-14 02:25 - 2009-07-14 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
2009-07-14 02:24 - 2009-07-14 03:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2013-09-14 23:48 - 2013-09-14 23:48 - 01950312 _____ (Farbar) C:\Users\Kathy\Documents\Downloads\FRST64.exe
2011-10-26 23:30 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2008-05-14 10:34 - 2008-05-14 10:34 - 03077416 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\AdvrCntr2.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00059176 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingServicePS.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00020264 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 02721064 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMDataServices.dll
2010-06-07 15:31 - 2010-06-07 15:31 - 00023864 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll
2009-08-18 10:49 - 2009-06-04 12:43 - 00395048 _____ (Synaptics Incorporated) C:\Windows\system32\Syncom.dll
2013-08-06 15:08 - 2013-07-24 13:48 - 00474624 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00263480 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll
2010-06-07 15:31 - 2010-06-07 15:31 - 00033592 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00018744 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgIEPlayer.dll
2010-06-07 15:31 - 2010-06-07 15:31 - 00189752 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00165176 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00070968 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll
2010-06-07 15:32 - 2010-06-07 15:32 - 00062776 ____R (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll
2013-04-09 18:01 - 2013-04-09 18:01 - 00007168 _____ () C:\ProgramData\Wincert\win32cert.dll
2013-04-09 18:01 - 2013-04-09 18:01 - 00078336 _____ () C:\ProgramData\Wincert\win32prop.dll
2008-01-22 12:14 - 2008-01-22 12:14 - 00320808 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSQLDB.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00054056 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMLogCxx.dll
2008-01-22 12:12 - 2008-01-22 12:12 - 00742696 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\log4cxx.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00541992 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMCoFoundation.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00107816 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMPluginBase.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMFullTextExtraction.dll
2008-01-22 12:13 - 2008-01-22 12:13 - 00181544 _____ (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
2013-08-06 15:08 - 2013-07-24 13:48 - 00017408 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
2013-08-06 15:08 - 2013-07-24 13:48 - 02034688 _____ (Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll
2013-09-11 20:53 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-11 20:53 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-11 20:53 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-11 20:53 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-11 20:53 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 00:11:06 AM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b1c

Startzeit: 01ceb1946edd7e84

Endzeit: 53

Anwendungspfad: C:\Users\Kathy\Documents\Downloads\FRST64.exe

Berichts-ID: 6b6929eb-1d8a-11e3-bbaa-00269e6ce75b

Error: (09/14/2013 11:32:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 1.66.83.42, Zeitstempel: 0x511af576
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x31504247
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3

Error: (09/12/2013 01:31:48 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 1.66.83.42, Zeitstempel: 0x511af576
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x31504247
ID des fehlerhaften Prozesses: 0x1d0
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3

Error: (09/11/2013 09:37:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 1.66.83.42, Zeitstempel: 0x511af576
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x31504247
ID des fehlerhaften Prozesses: 0x6a4
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 260802

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 260802

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 08:34:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 258025

Error: (09/11/2013 08:34:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 258025

Error: (09/11/2013 08:34:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/14/2013 11:59:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (09/14/2013 11:34:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/14/2013 11:34:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (09/14/2013 11:34:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (09/14/2013 11:34:33 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (09/14/2013 11:34:20 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (09/14/2013 11:31:59 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎09.‎2013 um 01:43:24 unerwartet heruntergefahren.

Error: (09/12/2013 01:32:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/12/2013 01:32:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (09/12/2013 01:32:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0


Microsoft Office Sessions:
=========================
Error: (09/15/2013 00:11:06 AM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1b1c01ceb1946edd7e8453C:\Users\Kathy\Documents\Downloads\FRST64.exe6b6929eb-1d8a-11e3-bbaa-00269e6ce75b

Error: (09/14/2013 11:32:48 PM) (Source: Application Error)(User: )
Description: Steam.exe1.66.83.42511af576unknown0.0.0.000000000c00000053150424794001ceb191eab3b469C:\Program Files (x86)\Valve\Steam\Steam.exeunknown33036583-1d85-11e3-bbaa-00269e6ce75b

Error: (09/12/2013 01:31:48 AM) (Source: Application Error)(User: )
Description: Steam.exe1.66.83.42511af576unknown0.0.0.000000000c0000005315042471d001ceaf46f547796fC:\Program Files (x86)\Valve\Steam\Steam.exeunknown5366dadf-1b3a-11e3-a3ea-00269e6ce75b

Error: (09/11/2013 09:37:59 PM) (Source: Application Error)(User: )
Description: Steam.exe1.66.83.42511af576unknown0.0.0.000000000c0000005315042476a401ceaf265e818a08C:\Program Files (x86)\Valve\Steam\Steam.exeunknowna9cb418c-1b19-11e3-9f90-00269e6ce75b

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 260802

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 260802

Error: (09/11/2013 08:34:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 08:34:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 258025

Error: (09/11/2013 08:34:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 258025

Error: (09/11/2013 08:34:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 97%
Total physical RAM: 3000.9 MB
Available physical RAM: 61.83 MB
Total Pagefile: 5999.99 MB
Available Pagefile: 1195.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:220.79 GB) (Free:129.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 5A802DAC)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

==================== End Of Log ============================][/CODE]
__________________

Alt 15.09.2013, 15:30   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
