Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner aktuelle Infizierung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.03.2014, 09:20   #1
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Ich habe mir gerade den BKA Trojaner eingefangen, Browser ist noch offen , Computer noch aktiv:

URL des Trojaners

hxxp://alert.security130000000173.com/70F69732B73579D444B62CBB50E8F5F1

derzeit laufen Scans mit Avira und Malwarebytes anti Malware

Alt 18.03.2014, 09:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.03.2014, 10:33   #3
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Letzter Suchlauf war vor 3 Tagen, Malwarebytes hatte einen gefunden, schicke dir die Logs mit zu Dateiname war Popupotional

Farbar Scan ist beendet

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Gerrit Lamade at 2014-03-18 09:36:41
Running from C:\Users\Gerrit Lamade\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1und1 Internet Explorer Add-On (x32 Version: 1.0 - 1&1 Internet AG) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1124.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{79E9FC36-6AC7-73DA-B9D4-B4389F135833}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Firestorm-Beta (remove only) (HKLM-x32\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
FRITZ!Box starter (HKLM-x32\...\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}) (Version: 2.04.02 - AVM Berlin)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lexmark  (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 5.1.0.5365 - MyHeritage.com)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Special Uninstaller version 2.0 (HKLM-x32\...\{46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1) (Version: 2.0 - hxxp://www.specialuninstaller.com/)
Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2150.38 - TuneUp Software) Hidden
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
V-bates 2.0.0.437 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.437 - Southstarco) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Restore Points  =========================

04-03-2014 19:46:09 Windows Update
11-03-2014 23:03:46 Windows Update
13-03-2014 23:31:16 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {164683AD-2FE4-471A-92A4-04DC7BEB9095} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.)
Task: {2EB69C82-7495-4E58-89F7-3480F3A068FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30BA6EE9-4085-4F10-B432-755736BCE78A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {33FA35C0-CAC5-4CFD-A861-940C667E7AA6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {3EBD61EC-5E50-4D29-AF49-5F55366EAFF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {5D411304-F25A-40C1-8C9F-251B27BC5577} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6689D1FB-B536-4853-873D-657F79BCC95B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {7A22BD6C-A424-4F14-93BA-BFFC266D1BBD} - System32\Tasks\Google Updater and Installer => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {8B1F0054-C423-4A1D-9D62-A77C6A06FF72} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {8B5F4C5C-1525-470B-96A0-CC18862D9774} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {9AF88E3D-C04C-4F02-899D-52E4916E5C50} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B927DF22-858B-4441-99E0-75D3321C026E} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 4900 Series\lxdramon.exe
Task: {D2F0C7B5-22A3-424B-A187-F013AD86BCB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {EA03E232-72E7-40BE-B11D-B11F5359EFB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {FF0E51D3-D916-4C42-A4ED-84071384B6BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-17 13:40 - 2012-07-31 10:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-10-02 05:15 - 2008-05-16 16:12 - 00147456 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdrdrpp.dll
2011-06-16 20:11 - 2011-06-16 20:11 - 01053848 _____ () C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
2012-10-05 15:28 - 2012-10-05 15:16 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-10-05 15:28 - 2012-06-22 13:52 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2012-10-05 15:28 - 2012-06-22 13:51 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                         
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe                                                                                                                                                                                    
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"                                                                                                                                                                                      
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: DIMUpdate wird heruntergeladen...1300677038425 => "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\PHOTO-PAINT\DIM.exe" "c:\programdata\corel\downloads\540215253_907002\1300677038425\dim_params.xml" -Launch=3 -uibase="c:\users\gerrit lamade\appdata\roaming\corel\messages\540215253_907002\de\messagecache2\workflow"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart                                                                                                                                                                                                                    
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe                                                                                                                                                                                                                
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe                                                                                                                                                                                                                       
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe                                                                                                                                                                                                                     

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 07:00:12 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/14/2014 08:17:44 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3e4

Startzeit: 01cf3fb9ce9526d2

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID: 4ab812b9-abad-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:29 PM) (Source: Application Hang) (User: )
Description: Programm Firestorm-Beta.exe, Version 4.5.1.38838 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1700

Startzeit: 01cf3fb8a256e0b0

Endzeit: 430

Anwendungspfad: C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe

Berichts-ID: b74c74f1-abac-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:20 PM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\9dcd9080-9368-48eb-bcb0-448c263e100f.dmp

Error: (03/14/2014 07:59:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/14/2014 00:30:49 AM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\236aabde-15d2-4c6a-b9f7-8732aa55c21c.dmp

Error: (03/13/2014 10:29:20 PM) (Source: Application Hang) (User: )
Description: Programm Firestorm-Beta.exe, Version 4.5.1.38838 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1488

Startzeit: 01cf3eec0c6125d3

Endzeit: 310

Anwendungspfad: C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe

Berichts-ID: 8516e107-aaf6-11e3-8da1-206a8a2a6533

Error: (03/13/2014 10:27:39 PM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\a39449dd-21ce-4d49-a2cc-d2c4470fd624.dmp

Error: (03/11/2014 07:31:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/10/2014 09:07:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (03/16/2014 08:28:20 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/15/2014 03:31:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (03/13/2014 10:34:49 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/11/2014 07:01:57 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/08/2014 07:00:51 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/07/2014 07:13:46 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/06/2014 07:13:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (03/06/2014 07:14:36 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/05/2014 06:27:23 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/04/2014 07:46:19 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/16/2014 07:00:12 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (03/14/2014 08:17:44 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.13e401cf3fb9ce9526d20C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe4ab812b9-abad-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:29 PM) (Source: Application Hang)(User: )
Description: Firestorm-Beta.exe4.5.1.38838170001cf3fb8a256e0b0430C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exeb74c74f1-abac-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:20 PM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\9dcd9080-9368-48eb-bcb0-448c263e100f.dmp

Error: (03/14/2014 07:59:00 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/14/2014 00:30:49 AM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\236aabde-15d2-4c6a-b9f7-8732aa55c21c.dmp

Error: (03/13/2014 10:29:20 PM) (Source: Application Hang)(User: )
Description: Firestorm-Beta.exe4.5.1.38838148801cf3eec0c6125d3310C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe8516e107-aaf6-11e3-8da1-206a8a2a6533

Error: (03/13/2014 10:27:39 PM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\a39449dd-21ce-4d49-a2cc-d2c4470fd624.dmp

Error: (03/11/2014 07:31:05 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/10/2014 09:07:47 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info =========================== 

Percentage of memory in use: 63%
Total physical RAM: 3956.5 MB
Available physical RAM: 1463.17 MB
Total Pagefile: 7911.17 MB
Available Pagefile: 5016.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:451.01 GB) (Free:200.8 GB) NTFS
Drive d: (EasyBox 803 Handbuch) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D988D988)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Logdatei Malwarebytes vom 18.03.2014:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gerrit Lamade :: GERRITLAMADE-PC [Administrator]

18.03.2014 07:53:07
mbam-log-2014-03-18 (07-53-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492899
Laufzeit: 2 Stunde(n), 38 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
logdatei Malwarebytes vom 15.03.2014

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gerrit Lamade :: GERRITLAMADE-PC [Administrator]

15.03.2014 07:03:53
mbam-log-2014-03-15 (07-03-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 490794
Laufzeit: 3 Stunde(n), 9 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

Alt 18.03.2014, 10:56   #4
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



FRST
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gerrit Lamade (administrator) on GERRITLAMADE-PC on 18-03-2014 09:34:37
Running from C:\Users\Gerrit Lamade\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files (x86)\1&1\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxdrcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [Google Update] - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-09-08] (Google Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs-x32: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112670&tt=5112_3&babsrc=SP_sst&mntrId=f89a7ba90000000000002a7c8f55afac
SearchScopes: HKCU - {A899DAE3-52DB-4A99-A663-6787560641B9} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=crm&q={searchTerms}&locale=&apn_ptnrs=AG&apn_dtid=YYYYYYYYDE&apn_uid=0A45FA5A-3A01-45BD-A801-01D5D15C7239&apn_sauid=7E274702-7552-4A85-BE8D-B2DC7F15F23B
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 04 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 23 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default
FF Homepage: hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac|hxxp://www.giga.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: General Crawler - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-05-22]
FF Extension: Amazon-Icon - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\amazon-icon@giga.de [2013-12-13]
FF Extension: Ant Video Downloader - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\anttoolbar@ant.com [2014-01-11]
FF Extension: pricealarm - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-11]
FF Extension: 1Click Downloader - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-05-22]
FF Extension: Yontoo - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\plugin@yontoo.com.xpi [2013-06-04]
FF Extension: Adblock Plus - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-05-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR DefaultSearchURL: https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google-Suche) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (General Crawler) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2012-09-08]
CHR Extension: (Amazon-Icon) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gerrit Lamade\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( )
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2011-06-16] ()

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 09:34 - 2014-03-18 09:36 - 00020045 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:33 - 2014-03-18 09:34 - 00000000 ____D () C:\FRST
2014-03-18 09:32 - 2014-03-18 09:33 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:55 - 2014-03-18 09:00 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 17:55 - 2014-03-18 05:31 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-13 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-01 11:34 - 2014-03-18 05:31 - 00002464 _____ () C:\Windows\setupact.log
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:42 - 2014-02-20 22:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-03-18 09:36 - 2014-03-18 09:34 - 00020045 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:34 - 2014-03-18 09:33 - 00000000 ____D () C:\FRST
2014-03-18 09:33 - 2014-03-18 09:32 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-18 09:16 - 2011-01-08 16:29 - 01989377 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 09:08 - 2012-09-08 20:22 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job
2014-03-18 09:00 - 2014-03-17 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 08:53 - 2012-09-08 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-18 05:40 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 05:40 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 05:31 - 2014-03-17 17:55 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 05:31 - 2014-03-01 11:34 - 00002464 _____ () C:\Windows\setupact.log
2014-03-18 05:31 - 2013-06-02 07:57 - 00177758 _____ () C:\Windows\PFRO.log
2014-03-18 05:31 - 2012-09-08 20:23 - 00002255 _____ () C:\Users\Gerrit Lamade\Desktop\Google Chrome.lnk
2014-03-18 05:31 - 2011-06-13 14:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-18 05:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 22:06 - 2013-05-07 17:26 - 00000000 ____D () C:\Users\Gerrit Lamade\AppData\Local\Firestorm
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:56 - 2014-03-17 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-16 13:08 - 2012-09-08 20:22 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job
2014-03-14 15:43 - 2011-01-09 01:21 - 00652000 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 15:43 - 2011-01-09 01:21 - 00136924 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 15:43 - 2009-07-14 06:13 - 01494422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 05:33 - 2013-06-02 07:57 - 00375168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 05:32 - 2012-05-10 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 05:32 - 2010-11-19 04:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 18:53 - 2012-09-08 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:53 - 2012-09-08 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:53 - 2012-09-08 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:33 - 2011-05-10 21:34 - 00000000 ____D () C:\Bilder
2014-03-05 05:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 20:46 - 2011-05-09 17:58 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 23:18 - 2011-05-09 17:36 - 01468702 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:43 - 2014-02-20 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:43 - 2011-09-20 10:06 - 00000000 ____D () C:\Program Files\iTunes
2014-02-20 22:43 - 2011-08-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-20 22:31 - 2011-05-19 21:53 - 00000000 ____D () C:\ProgramData\Apple
2014-02-19 09:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 22:48 - 2013-07-28 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 22:46 - 2011-06-05 16:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel
2014-02-16 15:16 - 2012-07-19 19:49 - 00000000 ____D () C:\Users\Gerrit Lamade\.gimp-2.8
2014-02-16 13:03 - 2012-09-08 20:22 - 00004138 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA
2014-02-16 13:03 - 2012-09-08 20:22 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core

Some content of TEMP:
====================
C:\Users\Gerrit Lamade\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 21:05

==================== End Of Log ============================
         
--- --- ---


FRST Scan:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gerrit Lamade (administrator) on GERRITLAMADE-PC on 18-03-2014 09:34:37
Running from C:\Users\Gerrit Lamade\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files (x86)\1&1\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxdrcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [Google Update] - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-09-08] (Google Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs-x32: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112670&tt=5112_3&babsrc=SP_sst&mntrId=f89a7ba90000000000002a7c8f55afac
SearchScopes: HKCU - {A899DAE3-52DB-4A99-A663-6787560641B9} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ARS&o=15084&src=crm&q={searchTerms}&locale=&apn_ptnrs=AG&apn_dtid=YYYYYYYYDE&apn_uid=0A45FA5A-3A01-45BD-A801-01D5D15C7239&apn_sauid=7E274702-7552-4A85-BE8D-B2DC7F15F23B
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 04 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 23 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default
FF Homepage: hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac|hxxp://www.giga.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: General Crawler - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-05-22]
FF Extension: Amazon-Icon - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\amazon-icon@giga.de [2013-12-13]
FF Extension: Ant Video Downloader - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\anttoolbar@ant.com [2014-01-11]
FF Extension: pricealarm - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-11]
FF Extension: 1Click Downloader - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012-05-22]
FF Extension: Yontoo - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\plugin@yontoo.com.xpi [2013-06-04]
FF Extension: Adblock Plus - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-05-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR DefaultSearchURL: https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google-Suche) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (General Crawler) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2012-09-08]
CHR Extension: (Amazon-Icon) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files (x86)\1ClickDownload\1click12.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-05-22]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gerrit Lamade\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( )
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2011-06-16] ()

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 09:34 - 2014-03-18 09:36 - 00020045 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:33 - 2014-03-18 09:34 - 00000000 ____D () C:\FRST
2014-03-18 09:32 - 2014-03-18 09:33 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:55 - 2014-03-18 09:00 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 17:55 - 2014-03-18 05:31 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-13 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-01 11:34 - 2014-03-18 05:31 - 00002464 _____ () C:\Windows\setupact.log
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:42 - 2014-02-20 22:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-03-18 09:36 - 2014-03-18 09:34 - 00020045 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:34 - 2014-03-18 09:33 - 00000000 ____D () C:\FRST
2014-03-18 09:33 - 2014-03-18 09:32 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-18 09:16 - 2011-01-08 16:29 - 01989377 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 09:08 - 2012-09-08 20:22 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job
2014-03-18 09:00 - 2014-03-17 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 08:53 - 2012-09-08 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-18 05:40 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 05:40 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 05:31 - 2014-03-17 17:55 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 05:31 - 2014-03-01 11:34 - 00002464 _____ () C:\Windows\setupact.log
2014-03-18 05:31 - 2013-06-02 07:57 - 00177758 _____ () C:\Windows\PFRO.log
2014-03-18 05:31 - 2012-09-08 20:23 - 00002255 _____ () C:\Users\Gerrit Lamade\Desktop\Google Chrome.lnk
2014-03-18 05:31 - 2011-06-13 14:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-18 05:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 22:06 - 2013-05-07 17:26 - 00000000 ____D () C:\Users\Gerrit Lamade\AppData\Local\Firestorm
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:56 - 2014-03-17 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-16 13:08 - 2012-09-08 20:22 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job
2014-03-14 15:43 - 2011-01-09 01:21 - 00652000 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 15:43 - 2011-01-09 01:21 - 00136924 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 15:43 - 2009-07-14 06:13 - 01494422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 05:33 - 2013-06-02 07:57 - 00375168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 05:32 - 2012-05-10 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 05:32 - 2010-11-19 04:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 18:53 - 2012-09-08 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:53 - 2012-09-08 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:53 - 2012-09-08 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:33 - 2011-05-10 21:34 - 00000000 ____D () C:\Bilder
2014-03-05 05:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 20:46 - 2011-05-09 17:58 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 23:18 - 2011-05-09 17:36 - 01468702 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:43 - 2014-02-20 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:43 - 2011-09-20 10:06 - 00000000 ____D () C:\Program Files\iTunes
2014-02-20 22:43 - 2011-08-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-20 22:31 - 2011-05-19 21:53 - 00000000 ____D () C:\ProgramData\Apple
2014-02-19 09:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 22:48 - 2013-07-28 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 22:46 - 2011-06-05 16:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel
2014-02-16 15:16 - 2012-07-19 19:49 - 00000000 ____D () C:\Users\Gerrit Lamade\.gimp-2.8
2014-02-16 13:03 - 2012-09-08 20:22 - 00004138 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA
2014-02-16 13:03 - 2012-09-08 20:22 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core

Some content of TEMP:
====================
C:\Users\Gerrit Lamade\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 21:05

==================== End Of Log ============================
         
--- --- ---


FRST addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Gerrit Lamade at 2014-03-18 09:36:41
Running from C:\Users\Gerrit Lamade\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1und1 Internet Explorer Add-On (x32 Version: 1.0 - 1&1 Internet AG) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1124.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{79E9FC36-6AC7-73DA-B9D4-B4389F135833}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Firestorm-Beta (remove only) (HKLM-x32\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
FRITZ!Box starter (HKLM-x32\...\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}) (Version: 2.04.02 - AVM Berlin)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lexmark  (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 5.1.0.5365 - MyHeritage.com)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Special Uninstaller version 2.0 (HKLM-x32\...\{46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1) (Version: 2.0 - hxxp://www.specialuninstaller.com/)
Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2150.38 - TuneUp Software) Hidden
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
V-bates 2.0.0.437 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.437 - Southstarco) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Restore Points  =========================

04-03-2014 19:46:09 Windows Update
11-03-2014 23:03:46 Windows Update
13-03-2014 23:31:16 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {164683AD-2FE4-471A-92A4-04DC7BEB9095} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.)
Task: {2EB69C82-7495-4E58-89F7-3480F3A068FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30BA6EE9-4085-4F10-B432-755736BCE78A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {33FA35C0-CAC5-4CFD-A861-940C667E7AA6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {3EBD61EC-5E50-4D29-AF49-5F55366EAFF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {5D411304-F25A-40C1-8C9F-251B27BC5577} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6689D1FB-B536-4853-873D-657F79BCC95B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {7A22BD6C-A424-4F14-93BA-BFFC266D1BBD} - System32\Tasks\Google Updater and Installer => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {8B1F0054-C423-4A1D-9D62-A77C6A06FF72} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {8B5F4C5C-1525-470B-96A0-CC18862D9774} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {9AF88E3D-C04C-4F02-899D-52E4916E5C50} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B927DF22-858B-4441-99E0-75D3321C026E} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 4900 Series\lxdramon.exe
Task: {D2F0C7B5-22A3-424B-A187-F013AD86BCB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {EA03E232-72E7-40BE-B11D-B11F5359EFB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {FF0E51D3-D916-4C42-A4ED-84071384B6BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job => C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-17 13:40 - 2012-07-31 10:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-10-02 05:15 - 2008-05-16 16:12 - 00147456 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdrdrpp.dll
2011-06-16 20:11 - 2011-06-16 20:11 - 01053848 _____ () C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
2012-10-05 15:28 - 2012-10-05 15:16 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-10-05 15:28 - 2012-06-22 13:52 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2012-10-05 15:28 - 2012-06-22 13:51 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 17:56 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"                                                                                                                                                                                                         
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe                                                                                                                                                                                    
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"                                                                                                                                                                                      
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: DIMUpdate wird heruntergeladen...1300677038425 => "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\PHOTO-PAINT\DIM.exe" "c:\programdata\corel\downloads\540215253_907002\1300677038425\dim_params.xml" -Launch=3 -uibase="c:\users\gerrit lamade\appdata\roaming\corel\messages\540215253_907002\de\messagecache2\workflow"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart                                                                                                                                                                                                                    
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe                                                                                                                                                                                                                
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe                                                                                                                                                                                                                       
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe                                                                                                                                                                                                                     

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 07:00:12 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/14/2014 08:17:44 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3e4

Startzeit: 01cf3fb9ce9526d2

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID: 4ab812b9-abad-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:29 PM) (Source: Application Hang) (User: )
Description: Programm Firestorm-Beta.exe, Version 4.5.1.38838 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1700

Startzeit: 01cf3fb8a256e0b0

Endzeit: 430

Anwendungspfad: C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe

Berichts-ID: b74c74f1-abac-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:20 PM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\9dcd9080-9368-48eb-bcb0-448c263e100f.dmp

Error: (03/14/2014 07:59:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/14/2014 00:30:49 AM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\236aabde-15d2-4c6a-b9f7-8732aa55c21c.dmp

Error: (03/13/2014 10:29:20 PM) (Source: Application Hang) (User: )
Description: Programm Firestorm-Beta.exe, Version 4.5.1.38838 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1488

Startzeit: 01cf3eec0c6125d3

Endzeit: 310

Anwendungspfad: C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe

Berichts-ID: 8516e107-aaf6-11e3-8da1-206a8a2a6533

Error: (03/13/2014 10:27:39 PM) (Source: Chrome) (User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\a39449dd-21ce-4d49-a2cc-d2c4470fd624.dmp

Error: (03/11/2014 07:31:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/10/2014 09:07:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (03/16/2014 08:28:20 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/15/2014 03:31:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (03/13/2014 10:34:49 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/11/2014 07:01:57 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/08/2014 07:00:51 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/07/2014 07:13:46 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/06/2014 07:13:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (03/06/2014 07:14:36 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/05/2014 06:27:23 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/04/2014 07:46:19 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5A43996-6F64-4FED-AF68-A42D71AC0434}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/16/2014 07:00:12 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (03/14/2014 08:17:44 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.13e401cf3fb9ce9526d20C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe4ab812b9-abad-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:29 PM) (Source: Application Hang)(User: )
Description: Firestorm-Beta.exe4.5.1.38838170001cf3fb8a256e0b0430C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exeb74c74f1-abac-11e3-9ec3-206a8a2a6533

Error: (03/14/2014 08:13:20 PM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\9dcd9080-9368-48eb-bcb0-448c263e100f.dmp

Error: (03/14/2014 07:59:00 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/14/2014 00:30:49 AM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\236aabde-15d2-4c6a-b9f7-8732aa55c21c.dmp

Error: (03/13/2014 10:29:20 PM) (Source: Application Hang)(User: )
Description: Firestorm-Beta.exe4.5.1.38838148801cf3eec0c6125d3310C:\Program Files (x86)\Firestorm-Beta\Firestorm-Beta.exe8516e107-aaf6-11e3-8da1-206a8a2a6533

Error: (03/13/2014 10:27:39 PM) (Source: Chrome)(User: GerritLamade-PC)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.146;lang=;id=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Gerrit Lamade\AppData\Local\Google\CrashReports\a39449dd-21ce-4d49-a2cc-d2c4470fd624.dmp

Error: (03/11/2014 07:31:05 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/10/2014 09:07:47 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info =========================== 

Percentage of memory in use: 63%
Total physical RAM: 3956.5 MB
Available physical RAM: 1463.17 MB
Total Pagefile: 7911.17 MB
Available Pagefile: 5016.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:451.01 GB) (Free:200.8 GB) NTFS
Drive d: (EasyBox 803 Handbuch) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D988D988)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 18.03.2014, 11:43   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.03.2014, 12:07   #6
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Das Rootkit meldet kein Cleanup erforderlich.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gerrit Lamade :: GERRITLAMADE-PC [administrator]

18.03.2014 11:50:23
mbar-log-2014-03-18 (11-50-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 245685
Time elapsed: 14 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 18.03.2014, 12:15   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.03.2014, 12:40   #8
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Avira meldet mir /Adware/Installcore.gen als virus beim download

Hier erst mal der log zu adwcleaner :

Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 12:26:58
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gerrit Lamade - GERRITLAMADE-PC
# Gestartet von : C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\anttoolbar@ant.com
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\plugin@yontoo.com.xpi
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKCU\Software\ded788b36ebd48
Schlüssel Gelöscht : HKLM\SOFTWARE\ded788b36ebd48
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v17.0.1 (de)

[ Datei : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac");
Zeile gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac|hxxp://www.giga.de/");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "3");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "BCE4E5FDB0BCB417A09E90930707B431");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "f89a7ba90000000000002a7c8f55afac");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15696");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.210:20:02");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"62\",\"lastVrsn\":\"62\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.sg", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f89a7ba90000000000002a7c8f55afac&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112670&tt=5112_3");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.210:20:04");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "DB2AC404-E88C-4EA2-FF19-EDCCCEAF4C92");
Zeile gelöscht : user_pref("extentions.y2layers.installId_backup", "DB2AC404-E88C-4EA2-FF19-EDCCCEAF4C92");
Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=ARS");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history", "niky%20bondageforte");
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{6E3AD03D-A437-11E1-A18C-206A8A2A6533}");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6E3AD03D-A437-11E1-A18C-206A8A2A6533}");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17994 octets] - [18/03/2014 12:20:04]
AdwCleaner[R1].txt - [18199 octets] - [18/03/2014 12:25:47]
AdwCleaner[S0].txt - [17688 octets] - [18/03/2014 12:26:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17749 octets] ##########
         
JRT log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gerrit Lamade on 18.03.2014 at 12:31:59,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3766026839-3968851945-2601719143-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3766026839-3968851945-2601719143-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A899DAE3-52DB-4A99-A663-6787560641B9}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{10B0A3B7-F676-4B17-90C3-99155A7E6150}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{114F5E76-0B41-4F7C-B3AE-F238A545009D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{1194412D-EBCD-40AD-99DE-9C557B5EB23F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{21BCBC58-1FD1-4663-A2B8-F7E0E09C7563}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{22AA1C08-4F6F-42FF-827C-370D76D716CD}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{22BCAEC3-9428-4EEE-B852-B6E3413946A8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{24D4B53D-B951-471B-B501-2BACE3E7879C}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{296297B6-E9FE-4ACF-8860-82DE46FC62FF}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{2982BD22-F77E-47AC-9063-1E5143BB0878}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{2C1055AD-6B68-42DB-B27D-8DBCA876B791}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{309A9E11-4601-469C-8C4E-36EC3D9A6DA5}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{30A6FC53-C427-46EF-A87D-FA4F8C0F3D5E}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{30E30265-47AB-44B8-9DA6-C0BB5946F01B}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{31CDE0A7-C93F-4F3C-9114-62F13B7A2F59}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3B7F10CA-746B-4FAC-923A-EF9D471A1FCC}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3C70C5A6-19E5-4434-B4FF-AF74348BE377}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3E2F7863-C86B-46E2-AB27-9260279C8397}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3E3EEBB0-2ED5-4C62-96A8-3A1239CEDE4D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4199814F-D05A-4601-896F-D1AACA3FF542}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4444120C-82D5-4D73-A1C5-A66AEA3B17C8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4BA19534-D930-4CD4-A19D-EE7E948A17F5}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4CEAB331-944D-47C2-9FDA-A7088F8D57A7}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{51457B08-F583-4673-ABFC-0EE824F46A0A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{518E506D-12C8-4B81-813F-BE83978AB8BF}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{53FC1D8D-6BB5-4DBF-A564-55ABB9D9BB17}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5544C6D8-6394-4DB7-B254-0C0E59B1FBB6}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5B21C405-999C-4FCC-9847-DF491F820AC0}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5CB3A3B1-76EE-47B5-8245-409CCD516B33}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{60E34792-2D3B-4CE7-8095-25F7E6B18FAB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{61446E74-23DB-4612-B94F-2F28CDAA76FB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{6D3D7A4F-0289-4E08-A4D9-5D195A6EDF03}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{6FE2F8B5-7375-42EF-94F0-A31BE37D2A16}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{73B081B7-4475-44C0-980C-F6A177E25EF8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{788FC708-11F8-42EB-8663-E74C1DCB2087}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{797CD386-1B7B-40E6-82DC-9D735006B4DA}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{79967808-4450-470E-8C55-CC1510571AA6}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{79C27B6A-532F-4D3A-B723-9CD00E0208D8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{7ED5937E-9D9E-431C-B399-040175AE0DAA}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{849E9EED-353C-48E6-8F0E-E27E585A5BD2}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{895F1046-2BEE-451A-969A-BEE684322AFD}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8AE76171-A38E-4D8A-A663-C2F4957DCB9F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8B9C02CC-ECA3-4218-B0D2-1C038DF1AE0C}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8DE8444C-6CA4-4D44-B5FD-969CC9621469}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{9071EC5A-1306-451E-A8F8-0D049A447385}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{91CD6B17-DD0D-4B4C-8249-97A0B93C3B2E}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{9E90A3AE-C739-47E0-B90F-B142D6609F18}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{A8F56588-9CF8-4477-9FFB-26A9D9AB284F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AA5719D1-5E37-49BF-ACE3-364AD465B2A3}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AD33541B-301D-468E-972D-B3E83A6AED6F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AD36A682-1E68-46D8-ABC5-7FB55ACAEB4A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B1746F1E-4B5B-483A-9815-82B79685D051}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B25754F7-D20F-4EBA-8E7C-0FA44CFCE526}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B328A4B6-8F96-4EEB-8ED7-D3C6FA8135E0}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B4344920-6934-4767-BDA6-FB3DD6EF81F4}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B5273F53-73B6-46C1-BEC2-329CB1AB6713}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B7D63159-975A-4EAD-BDE0-ECE041507990}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B8D8543F-1FB6-4101-8E16-640720FEF63F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{BE6ED236-5279-4AF6-A8A7-6371C4486A53}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C25BBEAB-5142-4818-904D-6F18A5C83268}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C263E0C8-6F05-42C7-87F9-46D21B1CBF80}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C729B94D-8A43-4122-8265-27D155F0661D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C9851C6C-1B91-44EC-B5E3-A6775FA90DA7}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{CA0BBA8B-B9AE-4845-90F9-E2F87AF4298A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{CB8D4333-64D6-4F58-8CA7-A139E95F7C15}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{D1C5E35C-D16B-47A1-848F-245FFEE0E58D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{D9607F8F-D286-49FC-A556-7A0B20F95EEE}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DABAD26F-C501-4049-B7B9-DCEC9412E7F3}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DB3702EB-E0EE-41DB-B84E-C8F0286E37EE}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DF5688EF-EB19-456A-8774-A17954B82D4B}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{E63C1D54-CF0E-427B-BA62-1955F351DCCB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{E819AB9A-3ACF-4FA4-BCDA-DEF10CE2EA98}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{EA33A20F-F27C-4E5F-9ECC-66CD91541291}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{F4446CA5-26AC-4BEA-BA65-CA65CA5FBE82}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{FC2FBBFA-828E-43F9-B090-D352A0D21103}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{FD67FD8B-FA9C-4206-B0A2-E17F24B2762E}



~~~ FireFox

Successfully deleted: [File] C:\Users\Gerrit Lamade\AppData\Roaming\mozilla\firefox\profiles\qxttwuha.default\extensions\oneclickdownloader@oneclickdownloader.com.xpi
Emptied folder: C:\Users\Gerrit Lamade\AppData\Roaming\mozilla\firefox\profiles\qxttwuha.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2014 at 12:37:21,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gerrit Lamade (administrator) on GERRITLAMADE-PC on 18-03-2014 12:39:15
Running from C:\Users\Gerrit Lamade\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files (x86)\1&1\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxdrcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [Google Update] - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-09-08] (Google Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Policies\Explorer: [DisallowRun] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 04 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 23 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\amazon-icon@giga.de [2013-12-13]
FF Extension: Adblock Plus - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]

Chrome: 
=======
CHR DefaultSearchURL: https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google-Suche) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Amazon-Icon) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gerrit Lamade\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( )
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2011-06-16] ()

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 12:37 - 2014-03-18 12:37 - 00010800 _____ () C:\Users\Gerrit Lamade\Desktop\JRT.txt
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 12:20 - 2014-03-18 12:27 - 00000000 ____D () C:\AdwCleaner
2014-03-18 12:18 - 2014-03-18 12:18 - 01950720 _____ () C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 01037734 _____ (Thisisu) C:\Users\Gerrit Lamade\Downloads\JRT.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 00001125 _____ () C:\Users\Gerrit Lamade\Desktop\PC Speed Maximizer.lnk
2014-03-18 12:16 - 2014-03-18 12:16 - 00685456 _____ () C:\Users\Gerrit Lamade\Downloads\ZipExtractorSetup.exe
2014-03-18 11:50 - 2014-03-18 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 11:50 - 2014-03-18 11:50 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 11:49 - 2014-03-18 12:06 - 00000000 ____D () C:\Users\Gerrit Lamade\Desktop\mbar
2014-03-18 11:49 - 2014-03-18 11:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:48 - 2014-03-18 11:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gerrit Lamade\Downloads\mbar-1.07.0.1009.exe
2014-03-18 09:40 - 2014-03-18 09:40 - 00028800 _____ () C:\Users\Gerrit Lamade\Downloads\FRSTscan 18.03.2014.txt
2014-03-18 09:36 - 2014-03-18 09:39 - 00043146 _____ () C:\Users\Gerrit Lamade\Downloads\Addition.txt
2014-03-18 09:34 - 2014-03-18 12:39 - 00016055 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:33 - 2014-03-18 12:39 - 00000000 ____D () C:\FRST
2014-03-18 09:32 - 2014-03-18 09:33 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:55 - 2014-03-18 12:28 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 17:55 - 2014-03-18 12:00 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-13 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-01 11:34 - 2014-03-18 12:28 - 00002520 _____ () C:\Windows\setupact.log
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:42 - 2014-02-20 22:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-03-18 12:39 - 2014-03-18 09:34 - 00016055 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 12:39 - 2014-03-18 09:33 - 00000000 ____D () C:\FRST
2014-03-18 12:37 - 2014-03-18 12:37 - 00010800 _____ () C:\Users\Gerrit Lamade\Desktop\JRT.txt
2014-03-18 12:36 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:36 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 12:28 - 2014-03-17 17:55 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 12:28 - 2014-03-01 11:34 - 00002520 _____ () C:\Windows\setupact.log
2014-03-18 12:28 - 2011-06-13 14:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-18 12:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 12:27 - 2014-03-18 12:20 - 00000000 ____D () C:\AdwCleaner
2014-03-18 12:27 - 2011-01-08 16:29 - 01998582 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 12:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-18 12:18 - 2014-03-18 12:18 - 01950720 _____ () C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 01037734 _____ (Thisisu) C:\Users\Gerrit Lamade\Downloads\JRT.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 00001125 _____ () C:\Users\Gerrit Lamade\Desktop\PC Speed Maximizer.lnk
2014-03-18 12:16 - 2014-03-18 12:16 - 00685456 _____ () C:\Users\Gerrit Lamade\Downloads\ZipExtractorSetup.exe
2014-03-18 12:08 - 2012-09-08 20:22 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job
2014-03-18 12:06 - 2014-03-18 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 12:06 - 2014-03-18 11:49 - 00000000 ____D () C:\Users\Gerrit Lamade\Desktop\mbar
2014-03-18 12:00 - 2014-03-17 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 11:53 - 2012-09-08 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 11:50 - 2014-03-18 11:50 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 11:49 - 2014-03-18 11:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:49 - 2014-03-18 11:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gerrit Lamade\Downloads\mbar-1.07.0.1009.exe
2014-03-18 09:40 - 2014-03-18 09:40 - 00028800 _____ () C:\Users\Gerrit Lamade\Downloads\FRSTscan 18.03.2014.txt
2014-03-18 09:39 - 2014-03-18 09:36 - 00043146 _____ () C:\Users\Gerrit Lamade\Downloads\Addition.txt
2014-03-18 09:33 - 2014-03-18 09:32 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-18 05:31 - 2013-06-02 07:57 - 00177758 _____ () C:\Windows\PFRO.log
2014-03-18 05:31 - 2012-09-08 20:23 - 00002255 _____ () C:\Users\Gerrit Lamade\Desktop\Google Chrome.lnk
2014-03-17 22:06 - 2013-05-07 17:26 - 00000000 ____D () C:\Users\Gerrit Lamade\AppData\Local\Firestorm
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:56 - 2014-03-17 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-16 13:08 - 2012-09-08 20:22 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job
2014-03-14 15:43 - 2011-01-09 01:21 - 00652000 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 15:43 - 2011-01-09 01:21 - 00136924 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 15:43 - 2009-07-14 06:13 - 01494422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 05:33 - 2013-06-02 07:57 - 00375168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 05:32 - 2012-05-10 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 05:32 - 2010-11-19 04:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 18:53 - 2012-09-08 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:53 - 2012-09-08 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:53 - 2012-09-08 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:33 - 2011-05-10 21:34 - 00000000 ____D () C:\Bilder
2014-03-05 05:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 20:46 - 2011-05-09 17:58 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 23:18 - 2011-05-09 17:36 - 01468702 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:43 - 2014-02-20 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:43 - 2011-09-20 10:06 - 00000000 ____D () C:\Program Files\iTunes
2014-02-20 22:43 - 2011-08-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-20 22:31 - 2011-05-19 21:53 - 00000000 ____D () C:\ProgramData\Apple
2014-02-19 09:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 22:48 - 2013-07-28 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 22:46 - 2011-06-05 16:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel
2014-02-16 15:16 - 2012-07-19 19:49 - 00000000 ____D () C:\Users\Gerrit Lamade\.gimp-2.8
2014-02-16 13:03 - 2012-09-08 20:22 - 00004138 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA
2014-02-16 13:03 - 2012-09-08 20:22 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core

Some content of TEMP:
====================
C:\Users\Gerrit Lamade\AppData\Local\Temp\avgnt.exe
C:\Users\Gerrit Lamade\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 21:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 18.03.2014, 13:22   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.03.2014, 13:35   #10
berufspyroma
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Doch noch nicht durch:

logfile
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gerrit Lamade :: GERRITLAMADE-PC [Administrator]

18.03.2014 13:29:21
MBAM-log-2014-03-18 (13-34-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218494
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Gerrit Lamade\AppData\Local\Temp\is1590112554\24408497_stp\BuenoSearchTB.exe (PUP.Optional.ToolBarInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Gerrit Lamade\AppData\Local\Temp\is1590112554\24408671_stp\MegaBrowseSetup.exe (PUP.Optional.MegaBrowse.A) -> Keine Aktion durchgeführt.

(Ende)
         

Alt 18.03.2014, 13:37   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner aktuelle Infizierung - Standard

BKA Trojaner aktuelle Infizierung



Das sind doch nur Reste in Temp. Mach bitte mit ESET weiter
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu BKA Trojaner aktuelle Infizierung
aktiv, aktuelle, anti, anti malware, avira, bka 1.18, bka trojaner, browser, compu, computer, eingefangen, gefangen, gen, infizierung, laufe, laufen, malwarebytes, offen, scans, troja, trojaner, trojaner eingefangen



Ähnliche Themen: BKA Trojaner aktuelle Infizierung


  1. Windows 7/Verdacht auf Infizierung mit BKA-Trojaner u.a.
    Log-Analyse und Auswertung - 23.12.2013 (2)
  2. GVU Trojaner Infizierung
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (14)
  3. Infizierung durch Matsnu Trojaner von Groupon
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (11)
  4. Bundespolizei Trojaner-Infizierung und Löschung.?
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (26)
  5. GVU Trojaner / Infizierung / Logfiles
    Log-Analyse und Auswertung - 26.10.2012 (18)
  6. Infizierung mit einem Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (12)
  7. Bundespolizei Trojaner-Infizierung und Löschung.?
    Log-Analyse und Auswertung - 22.07.2012 (2)
  8. OTL-Logfile-Auswertung nach GVU-Trojaner-Infizierung
    Log-Analyse und Auswertung - 09.07.2012 (2)
  9. Infizierung mit locked-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (31)
  10. Infizierung durch Trojaner?
    Log-Analyse und Auswertung - 21.01.2011 (46)
  11. Falsches AV bzw. Defender meldete sich, aktuelle Infizierung?
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (7)
  12. Malware oder Trojaner infizierung
    Log-Analyse und Auswertung - 19.08.2010 (6)
  13. Umfrage: Aktuelle (!) Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.09.2006 (9)
  14. Was tun gegen Trojaner-Infizierung?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2006 (3)
  15. Übersicht über aktuelle Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.02.2005 (2)
  16. Die aktuelle Trojaner-Lage - bin hilflos
    Plagegeister aller Art und deren Bekämpfung - 17.05.2004 (6)

Zum Thema BKA Trojaner aktuelle Infizierung - Ich habe mir gerade den BKA Trojaner eingefangen, Browser ist noch offen , Computer noch aktiv: URL des Trojaners hxxp://alert.security130000000173.com/70F69732B73579D444B62CBB50E8F5F1 derzeit laufen Scans mit Avira und Malwarebytes anti Malware - BKA Trojaner aktuelle Infizierung...
Archiv
Du betrachtest: BKA Trojaner aktuelle Infizierung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.