
Pests of all kinds and how to combat them: PUP Crossrider detected by Malwarebytes

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

07.07.2014, 21:06   #1
eddie_88
 



Hello,

I have already had help from you once before. Thanks again for that.

Just now my Malwarebytes found a PUP. I can't get rid of it completely with Malwarebytes. I would be very grateful for any help! Here is the log file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.07.2014
Suchlauf-Zeit: 20:57:19
Logdatei: pup.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.07.08
Rootkit Datenbank: v2014.07.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Christian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 302779
Verstrichene Zeit: 28 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "146f7c28c047f9732b121e817c27515e"), Ersetzt,[793b5745ed8e3cfaa6b518ad25df51af]

Physische Sektoren: 0
(No malicious items detected)


(end)

08.07.2014, 05:56   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


08.07.2014, 07:38   #3
eddie_88
 



Thanks, here are the log files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Christian (administrator) on CHRISTIAN-PC on 08-07-2014 08:31:46
Running from C:\Users\Christian\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation)
HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: www.google.de
FF SearchEngineOrder.1: www.google.de
FF SearchEngineOrder.2: www.google.de
FF SelectedSearchEngine: www.google.de
FF Homepage: hxxp://www.tagesschau.de/
FF Keyword.URL: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28]

Chrome: 
=======
CHR HomePage: hxxp://www.tagesschau.de/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14]
CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14]
CHR Extension: (New Tab) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn [2013-03-04]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-28]

========================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed]
R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed]
R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed]
S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed]
S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed]
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed]
S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed]
S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed]
R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed]
R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed]
S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed]
R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed]
R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed]
S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed]
R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed]
R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed]
R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed]
S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed]
S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed]
R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed]
S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed]
R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed]
S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed]
S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed]
S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 08:31 - 2014-07-08 08:33 - 00025135 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-08 08:31 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:08 - 2014-07-08 08:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ____D () C:\Program Files\003
2014-07-02 17:46 - 2014-07-06 23:51 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-02 17:46 - 2014-07-02 17:46 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-11 10:57 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 10:57 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 10:57 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:57 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:57 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 10:57 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:57 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 10:57 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 10:57 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:57 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:57 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 10:57 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:57 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:57 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 10:57 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 10:57 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:57 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:57 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:57 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 10:57 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:57 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:57 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 10:57 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:57 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:57 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 10:57 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:57 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:57 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:57 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:57 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-08 08:33 - 2014-07-08 08:31 - 00025135 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-08 08:31 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST
2014-07-08 08:27 - 2010-03-20 14:26 - 01394379 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 08:26 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 08:24 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian
2014-07-08 08:21 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 08:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 08:21 - 2009-07-14 06:39 - 14624261 _____ () C:\Windows\setupact.log
2014-07-08 00:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 00:03 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 23:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-07-07 22:45 - 2009-08-04 20:03 - 02018752 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-07 20:47 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 20:47 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 23:51 - 2014-07-02 17:46 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-06 14:53 - 2010-03-20 14:11 - 00396938 _____ () C:\Windows\PFRO.log
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat
2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira
2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-02 17:48 - 2014-05-14 15:49 - 00002339 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-02 17:48 - 2010-03-20 14:38 - 00001684 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-02 17:47 - 2014-07-02 17:47 - 00000000 ____D () C:\Program Files\003
2014-07-02 17:46 - 2014-07-02 17:46 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate
2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster
2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II
2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-06-15 23:00 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-15 23:00 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 18:21 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 23:46 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 23:43 - 2010-09-25 15:36 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB
2014-06-08 10:48 - 2014-06-11 10:57 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 10:57 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Christian\AppData\Local\Temp\Cleanup.dll
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll
C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Christian\AppData\Local\Temp\msvcm80.dll
C:\Users\Christian\AppData\Local\Temp\msvcp80.dll
C:\Users\Christian\AppData\Local\Temp\msvcr80.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Christian\AppData\Local\Temp\SHSetup.exe
C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 22:12

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Christian at 2014-07-08 08:33:36
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{EAB74CB6-760C-2136-FC77-9549721FB84A}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70704.0230 - Advanced Micro Devices, Inc.) Hidden
Asheron's Call 2 (HKLM\...\{EDBFD0BC-3717-4E63-84F0-B7D35AA2C2ED}) (Version: 1.0.0 - Turbine, Inc.)
Avira (HKLM\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
BurnAware Free 3.1.1 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.30 - Lenovo)
Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version:  - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP630 series Benutzerregistrierung (HKLM\...\Canon MP630 series Benutzerregistrierung) (Version:  - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0623.2346.40662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.21.0006.00 - Lenovo Group Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.49003.0 - Sonix)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{09A84D86-C709-4825-9548-ACF4838D478D}) (Version: 12.03.2000 - Intel(R) Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1294 - InterVideo Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 55 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 5 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Lenovo Fingerprint Software (HKLM\...\{3D8994A3-02A8-45B5-B955-53E608BC69ED}) (Version: 3.2.0.275 - AuthenTec, Inc.)
Lenovo Registration (HKLM\...\Lenovo Registration) (Version:  - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.14 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 1.0.109.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Matlab OPeNDAP loaddap 3.6.2 (HKLM\...\Matlab OPeNDAP loaddap_is1) (Version:  - OPeNDAP)
MATLAB R2008b (HKLM\...\MatlabR2008b) (Version: 7.7 - The MathWorks, Inc.)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{97BBF90F-A852-4AA0-872B-42D13AA22D94}) (Version: 3.4.0061 - Lenovo)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyProxyLogon-ESG (HKCU\...\MyProxyLogon-ESG) (Version:  - NCSA (Modified by ANL for ESG))
National Instruments Software (HKLM\...\NI Uninstaller) (Version:  - )
NI Assistant Framework (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 61 (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 70 (Version: 2.0.03025 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 71 (Version: 2.0.03025 - National Instruments) Hidden
NI Calibration Provider for MAX (Version: 1.1.03021 - National Instruments) Hidden
NI Common Digital 1.2.0 (Version: 1.20.49152 - <no manufacturer>) Hidden
NI DAQ Assistant 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI DDSP (Version: 7.0.0 - National Instruments) Hidden
NI Distribution Information - FDS English (Version: 7.1.147 - National Instruments) Hidden
NI DPPH (Version: 7.0.0 - National Instruments) Hidden
NI Example Finder 2.0 (Version: 7.1.148 - National Instruments) Hidden
NI GPIB Provider for MAX (Version: 2.1.1.1 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 7.1 (Version: 1.0.23004 - National Instruments) Hidden
NI Instrument-IO-Assistent (Version: 1.0.23004 - National Instruments) Hidden
NI LabVIEW 7.1 (Version: 7.1.160 - National Instruments) Hidden
NI LabVIEW 7.1 Core Essentials (Version: 7.1.156 - National Instruments) Hidden
NI LabVIEW Advanced Analysis 7.1 (Version: 7.1.156 - National Instruments) Hidden
NI LabVIEW Full 7.1 (Version: 7.1.153 - National Instruments) Hidden
NI LabVIEW Picture Control and CIN Tools 7.1 (Version: 7.1.147 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 7.0 (Version: 7.0.1 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 7.1 (Version: 7.1.157 - National Instruments) Hidden
NI LabVIEW Service Locator 1.0 (Version: 1.0.0 - National Instruments) Hidden
NI LabWindows/CVI 7.0 Code Generator (Version: 7.1.00194 - National Instruments) Hidden
NI LVBroker (Version: 6.1.03001 - National Instruments) Hidden
NI LVBrokerAux1071 (Version: 1.0.115 - National Instruments) Hidden
NI LVBrokerAux70 (Version: 1.0.03014 - National Instruments) Hidden
NI LVBrokerAux71 (Version: 1.0.112 - National Instruments) Hidden
NI Measurement & Automation Explorer 3.1 (Version: 3.1.03021 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (Version: 7.0.10239 - National Instruments) Hidden
NI Measurements eXtensions for PAL 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI MIO Device Drivers 1.2.0 (Version: 1.20.49157 - National Instruments) Hidden
NI PXI Provider 1.3.0f1 for MAX (Version: 1.48.769 - National Instruments) Hidden
NI PXI Resource Manager 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Remote Provider for MAX (Version: 3.1.03021 - National Instruments) Hidden
NI Remote PXI Provider for MAX (Version: 1.1.03021 - National Instruments) Hidden
NI SCXI 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Software Provider for MAX (Version: 3.1.03021 - National Instruments) Hidden
NI Spy 2.1.0f0 (Version: 2.16.768 - National Instruments) Hidden
NI STC 1.2.0 (Version: 1.20.49152 - National Instruments) Hidden
NI Timing 1.2.0 (Version: 1.20.49155 - <no manufacturer>) Hidden
NI Uninstaller (Version: 1.20.9 - National Instruments) Hidden
NI-488.2 1.74 (Version: 1.74.0.0 - National Insturments) Hidden
NI-DAQ 7.0 Document Set 1.0.1 (Version: 1.03.49154 - National Instruments) Hidden
NI-DAQ 7.2, Traditional (Version: 7.20.3001 - National Instruments) Hidden
NI-DAQ C API 7.2 (Version: 1.20.49152 - National Instruments) Hidden
NI-DAQ INF Files 7.2.0 (Version: 17.20.3000 - National Instruments) Hidden
NI-DAQ Provider for MAX (Version: 7.20.3001 - National Instruments) Hidden
NI-DAQmx 7.2 (Version: 1.20.49154 - National Instruments) Hidden
NI-DAQmx Documentation 1.1.1 (Version: 1.11.49156 - National Instruments) Hidden
NI-DAQmx DSA Support 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DAQmx Expert Framework 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DAQmx MAX Support 1.2.0 (Version: 1.20.49155 - National Instruments) Hidden
NI-DAQmx support for LabVIEW (Version: 1.20.49154 - National Instruments) Hidden
NI-DAQmx Switch Core 1.2.0 (Version: 1.20.49153 - National Instruments) Hidden
NI-DIM 1.1.0f0 (Version: 1.10.49152 - National Instruments) Hidden
NI-MDBG 1.1.0f0 (Version: 1.10.49152 - National Instruments) Hidden
NI-MRU 2.2.0f0 (Version: 2.20.49152 - National Instruments) Hidden
NI-MXDF 1.2.0f0 (Version: 1.20.49152 - National Instruments) Hidden
NI-ORB 1.1.0f1 (Version: 1.10.49153 - National Instruments) Hidden
NI-PAL 1.8.0f0 (Version: 9.90.3000 - National Instruments) Hidden
NI-RPC 3.1.1f0 (Version: 3.11.49152 - National Instruments) Hidden
NI-RPC 3.1.1f0 for PharLap (Version: 3.11.49152 - National Instruments) Hidden
NI-VISA 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VISA Provider 3.1 for MAX (Version: 3.16.775 - National Instruments) Hidden
NI-VISA Runtime 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VISA Server 3.1 (Version: 3.16.774 - National Instruments) Hidden
NI-VXI Support for LabVIEW 1.2.1f0 (Version: 1.33.768 - National Instruments) Hidden
OpenSSH for Windows (remove only) (HKLM\...\OpenSSH) (Version:  - Michael Johnson)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.2 - Frank Heindörfer, Philip Chinery)
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.20.0039.00 - Lenovo Group Limited)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
ReaConverter 6.5 Standard (HKLM\...\ReaConverter 6.5 Standard_is1) (Version:  - ReaSoft)
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista  (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Creator Business Edition (Version: 10.1.177 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Samsung PC Studio (Version: 3.0.0.60203 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.179 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.8.201405281228 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0009 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{D239B547-8B20-4BDE-888D-C9CCA823FFD8}) (Version: 6.2.0.7900 - Lenovo)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.50 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo)
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.53 - )
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.1616.102 - )
ThinkPad-Dienstprogramm 'EasyEject' (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.38 - )
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.32 - Lenovo)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.10 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{D22E6706-136E-4810-AF2E-359AE30A7323}) (Version: 1.1.0029 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.63 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version:  - troubadix)
Traditional NI-DAQ Documentation 1.0.3 (Version: 1.03.49154 - National Instruments) Hidden
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC classic (HKLM\...\VLC classic) (Version: 1.14 - vlcplayerdownload.com)
Wallpapers (Version:  - ) Hidden
Windows Driver Package - Broadcom (b57nd60x) Net  (11/29/2007 10.62.1.2) (HKLM\...\E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E) (Version: 11/29/2007 10.62.1.2 - Broadcom)
Windows Driver Package - Intel (iaStor) hdc  (02/11/2009 8.8.0.1009) (HKLM\...\EC1E678D1EFB79A1D02C312390944027C715CD5C) (Version: 02/11/2009 8.8.0.1009 - Intel)
Windows Driver Package - Intel hdc  (02/20/2008 6.9.1.1001) (HKLM\...\0A7603E3091C168CDE422A2B3481A2F7D17D0954) (Version: 02/20/2008 6.9.1.1001 - Intel)
Windows Driver Package - Intel System  (01/30/2008 8.6.1.1001) (HKLM\...\5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4) (Version: 01/30/2008 8.6.1.1001 - Intel)
Windows Driver Package - Intel System  (02/20/2008 8.6.1.1002) (HKLM\...\432D918ED17EA51B73E8491A0369730C0076A292) (Version: 02/20/2008 8.6.1.1002 - Intel)
Windows Driver Package - Intel System  (02/20/2008 8.7.0.1007) (HKLM\...\513C7D1BF4530B30EC84716327E4D7E76810DCC5) (Version: 02/20/2008 8.7.0.1007 - Intel)
Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011) (HKLM\...\E6CEFD9A59425A2A27E92572AB367B28C371D3D8) (Version: 09/15/2006 7.0.0.1011 - Intel)
Windows Driver Package - Intel USB  (02/05/2007 8.3.0.1011) (HKLM\...\464CE3922A214073AAEE00DEB23EA5C750AF8CE8) (Version: 02/05/2007 8.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53) (HKLM\...\3EB6CB625B5778835F0A66A7529E69050E0EE033) (Version: 03/19/2009 1.53 - Lenovo)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05) (HKLM\...\1205965EF392C9B0D5A9BDB139035F058E76359E) (Version: 02/15/2008 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11) (HKLM\...\1A96FF9D9E5F19776E6749D8F6557FCC437EB294) (Version: 07/30/2007 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13) (HKLM\...\778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44) (Version: 07/30/2007 6.00.01.13 - Ricoh Company)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (10/02/2008 8.1.2.37) (HKLM\...\A4680BD43717441189C52EBF2C4FD6B182EE1101) (Version: 10/02/2008 8.1.2.37 - AuthenTec Inc.)

==================== Restore Points  =========================

21-06-2014 11:01:15 Geplanter Prüfpunkt
29-06-2014 17:18:47 Sony PC Companion
29-06-2014 17:21:18 Installed Sony Mobile Drivers
29-06-2014 22:11:42 Sony PC Companion
02-07-2014 16:19:31 Installed SpyHunter
02-07-2014 20:36:39 Removed SpyHunter

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {160AFF4C-B23D-4AE5-865A-549060C80638} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-02] (Google Inc.)
Task: {30D861DF-3796-43D6-AB20-CE1F1E577680} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-02] (Google Inc.)
Task: {38C0E233-3F3C-4427-AE59-6EFCAB01511D} - System32\Tasks\{C17911CA-6824-4DBA-B4DE-0AACAD851930} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {3AE80AAA-EC68-4383-AF17-C08D81F5E9CD} - System32\Tasks\{CCF91477-AE37-4BC1-A33C-4D99804C7DFB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {53A65D34-C794-4612-9A42-F8BD346E6CE9} - System32\Tasks\{941B0210-0552-47BF-BCE7-21468EAB1B28} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {54E6B0C6-0946-4299-A0B2-E8306B6FA8D1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {7EDF9242-58DD-48BC-82FB-F319D46DEB07} - System32\Tasks\{45B1EAEF-9D54-4644-BA8C-6BDC214B7084} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {8B4D4358-1BDB-4D8A-96BD-08CBFE915BC5} - System32\Tasks\{64D5CCEE-B290-44B8-BB14-DC5AA48DFC76} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {9B141615-3EFC-4AD3-A994-F774B16FCA89} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-04-15] (Lenovo Group Limited)
Task: {B97458EE-E2B5-4C02-9F8D-0CB57AA8732C} - System32\Tasks\{0DBEF8DD-2B4F-4C49-9611-A302F9639E2C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {BFEFB0E8-8021-422C-81BA-9DAC5D01E978} - System32\Tasks\{C90058F9-4A3E-446E-9C4C-A589EB01788B} => C:\Users\Christian\Saved Games\AOE\EMPIRES2.EXE [2006-10-11] (Microsoft Corporation)
Task: {C72A6CAE-5B79-4BAC-B4E2-AB1464FB34EB} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {EC6BFF44-ECBB-46E2-80B4-E81ECD4C8FF8} - System32\Tasks\{D3D0735A-FAD5-4519-884E-E3A95DA460FF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsMain
Task: {F72CCB83-6785-4681-913D-30A19311C463} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-10-10 18:48 - 2013-10-10 18:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2009-02-11 12:27 - 2009-02-11 12:27 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2010-11-19 17:13 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-11-09 12:47 - 2011-09-06 23:46 - 00761279 _____ () C:\Program Files\ReaConverter 6.5 Standard\context.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-02 23:07 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\Christian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-03 13:08 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-15 23:00 - 2014-06-15 23:00 - 17024688 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: ApRunSvc => 2
MSCONFIG\Services: ATService => 2
MSCONFIG\Services: BcmSqlStartupSvc => 2
MSCONFIG\Services: dtsvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: NILM License manager => 3
MSCONFIG\Services: niSvcLoc => 2
MSCONFIG\Services: OpcEnum => 3
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TVT Backup Protection Service => 2
MSCONFIG\startupreg: ACTray => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
MSCONFIG\startupreg: ACWlIcon => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BLOG => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CreateLMBCShortCut => "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
MSCONFIG\startupreg: CrossRiderPlugin => C:\Program Files\CrossriderWebApps\Crossrider.exe
MSCONFIG\startupreg: EZEJMNAP => C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LPMailChecker => C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
MSCONFIG\startupreg: LPManager => C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TVT Scheduler Proxy => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2014 08:21:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2014 08:38:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2014 10:54:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2014 09:45:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/07/2014 09:45:11 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (07/07/2014 09:42:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/07/2014 08:48:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 08:54:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 02:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 02:40:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/08/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/08/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/08/2014 08:26:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TVT Scheduler erreicht.

Error: (07/08/2014 08:26:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TVT Backup Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/08/2014 08:26:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TVT Backup Service erreicht.

Error: (07/08/2014 08:26:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ThinkVantage Registry Monitor Service erreicht.

Error: (07/08/2014 08:26:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/08/2014 08:26:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (07/08/2014 08:24:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OpenSSH Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2014 08:24:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (06/30/2014 03:04:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 690 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (05/14/2014 03:49:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6787 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (05/04/2014 09:35:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 71%
Total physical RAM: 2026.03 MB
Available physical RAM: 570.98 MB
Total Pagefile: 4052.06 MB
Available Pagefile: 2146.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.02 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:239.99 GB) (Free:31.44 GB) NTFS
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D0EDC3EB)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=47 GB) - (Type=05)

==================== End Of Log ============================
         
__________________

08.07.2014, 19:11   #4
schrauber
/// the machine
/// TB Trainer
 


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.07.2014, 09:44   #5
eddie_88
 
AdwCleaner Logfile:
Code:
# AdwCleaner v3.215 - Bericht erstellt am 09/07/2014 um 09:51:21
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Christian - CHRISTIAN-PC
# Gestartet von : C:\Users\Christian\Downloads\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : vToolbarUpdater17.0.12

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Users\Christian\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\CHRIST~1\AppData\Local\Temp\Uniblue
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dnpmlnedpdikbgdghljdepnljfpkhccn_0

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 14);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1399902663284");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "127028");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdoocybch");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\"www.only-apartments.es\\\",\\\"www.only-apartments.de\\\",\\\"www.only-apar[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "f5e5cb44-2ed3-c958-bd28-d286b44f196b");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "14/05/2014");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1400075463");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1400076011479");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdoocyb");

-\\ Google Chrome v

[ Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : dnpmlnedpdikbgdghljdepnljfpkhccn
Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : jpnbdefcbnoefmmcpelplabbkfmfhlho
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [21750 octets] - [13/10/2013 19:20:16]
AdwCleaner[S0].txt - [21024 octets] - [13/10/2013 19:28:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21085 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Christian on 09.07.2014 at 10:06:14,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Christian\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\uh5auo9h.default\minidumps [125 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2014 at 10:11:11,52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Christian (administrator) on CHRISTIAN-PC on 09-07-2014 10:42:22
Running from C:\Users\Christian\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation)
HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: www.google.de
FF SearchEngineOrder.1: www.google.de
FF SearchEngineOrder.2: www.google.de
FF SelectedSearchEngine: www.google.de
FF Homepage: hxxp://www.tagesschau.de/
FF Keyword.URL: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28]

Chrome: 
=======
CHR HomePage: hxxp://www.tagesschau.de/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14]
CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15]
CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14]

========================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed]
R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed]
R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed]
S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed]
S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed]
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed]
S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed]
S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed]
R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed]
R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed]
S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed]
R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed]
R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed]
S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed]
R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed]
R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed]
R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed]
S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed]
S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed]
R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed]
S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed]
R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed]
S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed]
S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed]
S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-07-09 09:56 - 2014-07-09 09:57 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-07-09 09:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe
2014-07-08 08:33 - 2014-07-08 08:34 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt
2014-07-08 08:31 - 2014-07-09 10:42 - 00023918 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-08 08:31 - 2014-07-09 10:42 - 00000000 ____D () C:\FRST
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:08 - 2014-07-09 10:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-11 10:57 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 10:57 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 10:57 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:57 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:57 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 10:57 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:57 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 10:57 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 10:57 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:57 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:57 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 10:57 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:57 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:57 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 10:57 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 10:57 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:57 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:57 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:57 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 10:57 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:57 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:57 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 10:57 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:57 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:57 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 10:57 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:57 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:57 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:57 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:57 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-09 10:43 - 2014-07-08 08:31 - 00023918 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-09 10:43 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 10:43 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 10:42 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST
2014-07-09 10:37 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 10:36 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian
2014-07-09 10:33 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 10:33 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 10:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 10:33 - 2009-07-14 06:39 - 14644613 _____ () C:\Windows\setupact.log
2014-07-09 10:23 - 2010-03-20 14:26 - 01537210 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-07-09 10:06 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 10:06 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 09:57 - 2014-07-09 09:56 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-07-09 09:53 - 2010-03-20 14:11 - 00397244 _____ () C:\Windows\PFRO.log
2014-07-09 09:51 - 2014-05-14 15:49 - 00001088 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-09 09:51 - 2013-10-13 19:20 - 00000000 ____D () C:\AdwCleaner
2014-07-09 09:51 - 2010-03-20 14:38 - 00001207 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-09 09:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe
2014-07-08 16:44 - 2009-08-04 20:03 - 02019072 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-07-08 08:34 - 2014-07-08 08:33 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat
2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira
2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster
2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II
2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-06-12 18:21 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 23:46 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 23:43 - 2010-09-25 15:36 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Christian\AppData\Local\Temp\Cleanup.dll
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll
C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Christian\AppData\Local\Temp\msvcm80.dll
C:\Users\Christian\AppData\Local\Temp\msvcp80.dll
C:\Users\Christian\AppData\Local\Temp\msvcr80.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Christian\AppData\Local\Temp\SHSetup.exe
C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 13:48

==================== End Of Log ============================
         


10.07.2014, 11:06   #6
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

10.07.2014, 15:31   #7
eddie_88
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5665a81b6fa205458bdb094e1dc6df09
# engine=19112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-10 02:09:40
# local_time=2014-07-10 04:09:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 10485 24469708 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23156706 156632571 0 0
# scanned=357768
# found=6
# cleaned=0
# scan_time=9954
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=63DFE6FCF5F73432F5E7754AA6B9BE4C8C4BC3FD ft=1 fh=4aff3285818ec058 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=2E1EDC42A2DE4A8D2883BACDF1E537365FF5BD04 ft=1 fh=a75153a2879e5ce2 vn="möglicherweise Variante von Win32/RegistryNuke Anwendung" ac=I fn="C:\Program Files\Advanced Fix 2013\AdvancedFix.exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB33MC26\SpeedUpMyPC-standalone-setup[1].exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Temp\is-3EQFM.tmp\SpeedUpMyPC-standalone-setup.exe"
         
Code:
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 NI Spy 2.1.0f0   
 TuneUp Utilities 2014 (de-DE)  
 Java 7 Update 55  
 Java SE Development Kit 7 Update 55 
 Java SE Development Kit 8 Update 5 
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Christian (administrator) on CHRISTIAN-PC on 10-07-2014 16:27:40
Running from C:\Users\Christian\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(National Instruments Corporation) C:\Windows\System32\nipalsm.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [181536 2009-02-02] (Lenovo.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation)
HKU\S-1-5-21-3407049698-559278020-2232788308-1003\...\MountPoints2: {7c1322fb-ffae-11e3-a33b-00247e6ea802} - D:\Startme.exe
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: www.google.de
FF SearchEngineOrder.1: www.google.de
FF SearchEngineOrder.2: www.google.de
FF SelectedSearchEngine: www.google.de
FF Homepage: hxxp://www.tagesschau.de/
FF Keyword.URL: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\uh5auo9h.default\Extensions\abs@avira.com [2014-07-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-28]

Chrome: 
=======
CHR HomePage: hxxp://www.tagesschau.de/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll No File
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-14]
CHR Extension: (Google-Suche) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-14]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15]
CHR Extension: (No Name) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-14]

========================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-10] (Avira Operations GmbH & Co. KG)
S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [36864 2007-07-23] ()
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
S4 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [864256 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [204800 2009-02-11] () [File not signed]
R2 nidevldu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 NILM License manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [609280 2004-02-25] (Macrovision Corporation) [File not signed]
R2 nipxirmu; C:\Windows\System32\nipalsm.exe [5730 2003-11-14] (National Instruments Corporation) [File not signed]
S4 niSvcLoc; C:\Windows\system32\niSvcLoc.exe [49152 2003-04-30] (National Instruments) [File not signed]
S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [60416 1998-10-02] () [File not signed]
S2 OpenSSHd; C:\Program Files\OpenSSH\bin\cygrunsrv.exe [36864 2004-04-18] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2009-02-11] (Intel(R) Corporation) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
S4 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
S2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S4 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [360448 2008-10-09] (Lenovo Group Limited) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-13] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [7140 2003-07-29] () [File not signed]
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [19458 2001-10-02] (FTDI Ltd.) [File not signed]
S3 gpibclsb; C:\Windows\System32\Drivers\gpibclsb.sys [56904 2002-07-17] () [File not signed]
S3 gpibclsd; C:\Windows\System32\Drivers\gpibclsd.sys [34664 2002-07-17] () [File not signed]
R2 lvalarmk; C:\Windows\System32\drivers\lvalarmk.dll [10829 2004-04-01] (National Instruments) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 niarbk; C:\Windows\System32\drivers\niarbk.dll [37376 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nibffrk; C:\Windows\System32\drivers\nibffrk.dll [21504 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nicdrk; C:\Windows\System32\drivers\nicdrk.dll [128112 2004-03-30] (National Instruments Corporation) [File not signed]
R2 Nidaq32k; C:\Windows\system32\Drivers\Nidaq32k.sys [674304 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidimk; C:\Windows\System32\drivers\nidimk.dll [108124 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nidmmk; C:\Windows\System32\drivers\nidmmk.dll [50688 2004-04-08] (National Instruments Corporation) [File not signed]
R2 nidmxfk; C:\Windows\System32\drivers\nidmxfk.dll [128117 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nidsark; C:\Windows\System32\drivers\nidsark.dll [636522 2004-03-30] (National Instruments Corporation) [File not signed]
S3 niesrk; C:\Windows\System32\drivers\niesrk.dll [508523 2004-04-05] (National Instruments Corporation) [File not signed]
R2 nilvaik; C:\Windows\System32\drivers\nilvaik.dll [18037 2004-04-01] (National Instruments Corporation) [File not signed]
R3 nimdbgk; C:\Windows\System32\drivers\nimdbgk.dll [133227 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimdsk; C:\Windows\System32\drivers\nimdsk.dll [30208 2004-04-08] (National Instruments Corporation) [File not signed]
R3 nimru2k; C:\Windows\System32\drivers\nimru2k.dll [130141 2004-03-26] (National Instruments Corporation) [File not signed]
S3 nimsdrk; C:\Windows\System32\drivers\nimsdrk.dll [73346 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimslk; C:\Windows\System32\drivers\nimslk.dll [14464 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nimsrlk; C:\Windows\System32\drivers\nimsrlk.dll [151683 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimstsk; C:\Windows\System32\drivers\nimstsk.dll [44149 2004-04-05] (National Instruments Corporation) [File not signed]
R3 nimxdfk; C:\Windows\System32\drivers\nimxdfk.dll [172639 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nimxpk; C:\Windows\System32\drivers\nimxpk.dll [19570 2004-03-29] (National Instruments Corporation) [File not signed]
R3 niorbk; C:\Windows\System32\drivers\niorbk.dll [35420 2004-03-31] (National Instruments Corporation) [File not signed]
R0 NIPALK; C:\Windows\system32\Drivers\NIPALK.sys [373853 2004-03-26] (National Instruments Corporation) [File not signed]
R2 nipxirmk; C:\Windows\System32\drivers\nipxirmk.dll [41071 2004-03-15] (National Instruments Corporation) [File not signed]
R3 niscdk; C:\Windows\System32\drivers\niscdk.dll [385642 2004-03-30] (National Instruments Corporation) [File not signed]
S3 nisdigk; C:\Windows\System32\drivers\nisdigk.dll [203893 2004-04-04] (National Instruments Corporation) [File not signed]
S3 nispdk; C:\Windows\System32\drivers\nispdk.dll [67178 2004-03-30] () [File not signed]
S3 nissrk; C:\Windows\System32\drivers\nissrk.dll [393323 2004-04-05] (National Instruments Corporation) [File not signed]
S3 nistc2k; C:\Windows\System32\drivers\nistc2k.dll [121461 2004-03-30] (National Instruments Corporation) [File not signed]
R2 nistck; C:\Windows\System32\drivers\nistck.dll [111616 2004-04-08] (National Instruments Corporation) [File not signed]
S3 nistcrk; C:\Windows\System32\drivers\nistcrk.dll [81529 2004-04-04] (National Instruments Corporation) [File not signed]
R2 niswdk; C:\Windows\System32\drivers\niswdk.dll [341101 2004-03-31] (National Instruments Corporation) [File not signed]
S3 nitiork; C:\Windows\System32\drivers\nitiork.dll [1193593 2004-04-05] (National Instruments Corporation) [File not signed]
S3 NiViPxiK; C:\Windows\system32\Drivers\NiViPxiK.sys [24064 2004-03-30] (National Instruments) [File not signed]
S3 niwfrk; C:\Windows\System32\drivers\niwfrk.dll [285803 2004-04-05] (National Instruments Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-30] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2009-08-04] (Lenovo) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 16:18 - 2014-07-10 16:18 - 00854390 _____ () C:\Users\Christian\Downloads\SecurityCheck.exe
2014-07-10 13:16 - 2014-07-10 13:17 - 02347384 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe
2014-07-09 22:55 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 22:55 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 22:55 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 22:55 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 22:55 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 22:55 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 22:55 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 22:55 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 22:55 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 22:55 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 22:55 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 22:55 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 22:55 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 22:55 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 22:55 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 22:55 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 22:55 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 22:55 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 22:55 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 22:55 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 22:55 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 22:55 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 22:54 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 22:54 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 22:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 22:54 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 22:54 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 22:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 22:54 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 22:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 22:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 22:54 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 22:54 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 22:54 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 22:54 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 22:54 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 22:54 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 22:54 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-07-09 09:56 - 2014-07-09 09:57 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-07-09 09:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe
2014-07-08 08:33 - 2014-07-08 08:34 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt
2014-07-08 08:31 - 2014-07-10 16:27 - 00023972 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-08 08:31 - 2014-07-10 16:27 - 00000000 ____D () C:\FRST
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:03 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:08 - 2014-07-10 14:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 22:37 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-23 11:04 - 2014-06-23 11:05 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-20 10:49 - 2014-06-20 10:50 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-18 10:52 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-11 10:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:57 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:57 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:57 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:57 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:57 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-10 16:28 - 2014-07-08 08:31 - 00023972 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-07-10 16:27 - 2014-07-08 08:31 - 00000000 ____D () C:\FRST
2014-07-10 16:18 - 2014-07-10 16:18 - 00854390 _____ () C:\Users\Christian\Downloads\SecurityCheck.exe
2014-07-10 16:04 - 2009-11-02 23:10 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 16:03 - 2013-10-14 22:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 15:48 - 2009-09-28 00:22 - 00000262 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-07-10 14:01 - 2014-07-02 22:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 13:18 - 2010-03-20 14:26 - 01922250 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 13:17 - 2014-07-10 13:16 - 02347384 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe
2014-07-10 13:12 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 13:12 - 2010-03-20 13:46 - 00022640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 13:11 - 2013-10-15 15:43 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-10 13:09 - 2010-03-20 13:47 - 00000000 ____D () C:\Users\Christian
2014-07-10 13:08 - 2009-11-02 23:10 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 13:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 13:05 - 2009-07-14 06:39 - 14675141 _____ () C:\Windows\setupact.log
2014-07-10 13:05 - 2009-07-14 06:33 - 00459688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 12:54 - 2014-05-07 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 12:54 - 2009-07-14 10:57 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-07-10 00:09 - 2013-08-31 15:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 00:06 - 2010-09-25 15:36 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 17:28 - 2009-08-04 20:03 - 02019200 _____ () C:\Windows\system32\TPAPSLOG.LOG
2014-07-09 11:03 - 2013-03-11 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 11:03 - 2013-03-11 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:11 - 2014-07-09 10:11 - 00000967 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-07-09 09:57 - 2014-07-09 09:56 - 01016261 _____ (Thisisu) C:\Users\Christian\Downloads\JRT.exe
2014-07-09 09:53 - 2010-03-20 14:11 - 00397244 _____ () C:\Windows\PFRO.log
2014-07-09 09:51 - 2014-05-14 15:49 - 00001088 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-09 09:51 - 2013-10-13 19:20 - 00000000 ____D () C:\AdwCleaner
2014-07-09 09:51 - 2010-03-20 14:38 - 00001207 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-09 09:47 - 2014-07-09 09:47 - 01348263 _____ () C:\Users\Christian\Downloads\adwcleaner_3.215.exe
2014-07-08 08:34 - 2014-07-08 08:33 - 00041262 _____ () C:\Users\Christian\Downloads\Addition.txt
2014-07-08 08:31 - 2014-07-08 08:31 - 01074688 _____ (Farbar) C:\Users\Christian\Downloads\FRST.exe
2014-07-07 22:04 - 2014-07-07 22:04 - 00001381 _____ () C:\Users\Christian\Desktop\pup.txt
2014-07-04 09:15 - 2014-07-04 09:15 - 00067868 _____ () C:\Users\Public\Documents\AccConnAdvanced.dat
2014-07-04 09:15 - 2014-07-04 09:15 - 00061950 _____ () C:\Users\Public\Documents\ACGinaWinlogon.dat
2014-07-04 09:15 - 2014-04-10 21:05 - 00005344 _____ () C:\Users\Public\Documents\AcIpConfig.dat
2014-07-04 09:15 - 2009-12-12 19:48 - 00067941 _____ () C:\Users\Public\Documents\AcSvc.dmp
2014-07-03 13:08 - 2014-07-03 13:08 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-03 13:08 - 2014-07-03 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-03 13:08 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-02 23:07 - 2014-07-02 23:07 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-02 23:07 - 2014-07-02 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-02 23:07 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-02 23:07 - 2013-10-15 15:43 - 00000000 ____D () C:\Program Files\Avira
2014-07-02 23:07 - 2012-12-23 18:30 - 00000000 ____D () C:\ProgramData\Avira
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2014-07-02 22:37 - 2014-07-02 18:19 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-07-02 22:06 - 2014-07-02 22:06 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 22:06 - 2013-06-30 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-02 18:20 - 2014-07-02 18:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 18:19 - 2014-07-02 18:19 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-01 14:55 - 2011-05-02 21:28 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-07-01 12:57 - 2011-05-02 21:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-07-01 12:56 - 2014-01-25 17:38 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\DropboxMaster
2014-06-30 03:40 - 2014-07-09 22:54 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-09 22:54 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-30 00:14 - 2009-08-04 19:47 - 00350054 _____ () C:\Windows\DPINST.LOG
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-06-29 19:32 - 2014-06-29 19:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-06-29 19:21 - 2014-06-29 19:21 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-06-29 19:21 - 2014-06-29 19:21 - 00025200 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggsemc.sys
2014-06-29 19:21 - 2014-06-29 19:21 - 00012400 _____ (Sony Ericsson Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-29 19:20 - 2014-06-29 19:20 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-29 19:18 - 2014-06-29 19:18 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 19:18 - 2009-08-04 19:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-26 12:19 - 2013-10-15 15:43 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-25 12:26 - 2010-03-20 14:36 - 01808244 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 11:05 - 2014-06-23 11:04 - 00000000 ____D () C:\Users\Christian\Desktop\Numerics
2014-06-22 20:53 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 13:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-20 21:39 - 2014-07-09 22:55 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 10:50 - 2014-06-20 10:49 - 00006517 _____ () C:\Users\Christian\prozessliste.txt
2014-06-20 10:37 - 2010-12-08 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-06-20 10:37 - 2010-12-07 23:51 - 00000000 ____D () C:\Program Files\Diablo II
2014-06-20 10:36 - 2014-01-09 23:14 - 00000000 ____D () C:\Users\Christian\Documents\UNICONSULT
2014-06-19 02:16 - 2014-07-09 22:54 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-09 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-09 22:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-09 22:54 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-09 22:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-09 22:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 22:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-09 22:54 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-09 22:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 22:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-09 22:55 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-09 22:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-09 22:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-09 22:54 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 22:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-09 22:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 22:55 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 22:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-09 22:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 22:55 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 22:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:52 - 2014-07-09 22:54 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:49 - 2014-07-09 22:55 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 22:54 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 22:55 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 22:55 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-09 22:55 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-09 22:55 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-09 22:55 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 03:51 - 2014-07-09 22:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 02:52 - 2014-07-09 22:54 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-16 12:14 - 2014-06-16 12:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-06-16 12:13 - 2009-09-28 11:07 - 00000395 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-06-11 14:12 - 2010-11-12 19:38 - 00000000 ____D () C:\Users\Christian\Documents\MATLAB

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Christian\AppData\Local\Temp\Cleanup.dll
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfa9hs.dll
C:\Users\Christian\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Christian\AppData\Local\Temp\msvcm80.dll
C:\Users\Christian\AppData\Local\Temp\msvcp80.dll
C:\Users\Christian\AppData\Local\Temp\msvcr80.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Christian\AppData\Local\Temp\SHSetup.exe
C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Christian\AppData\Local\Temp\tmp5DD9.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 13:48

==================== End Of Log ============================
         
--- --- ---


The ESET scan found 6 items but did not delete them, since I had unchecked the corresponding box. Are the infected files still on the machine now?

11.07.2014, 11:03   #8
schrauber
/// the machine
/// TB trainer


Update Java.

Uninstall Advanced Fix 2013.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Program Files\Advanced Fix 2013
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-Virus Software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

11.07.2014, 12:17   #9
eddie_88



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Christian at 2014-07-11 13:15:55 Run:1
Running from C:\Users\Christian\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Advanced Fix 2013
*****************

C:\Program Files\Advanced Fix 2013 => Moved successfully.

==== End of Fixlog ====
         
Thank you!
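Added example, not part of the original thread and not FRST's own code: a Python check over the Fixlog format posted above that confirms every Fixlist.txt entry has a matching result line. The names `audit_fixlog` and `CONSTRUCTED` and the path `C:\Example\Leftover` are assumptions; only the outcome string `Moved successfully.` appears in the thread, so any other outcome is flagged for manual review.

```python
import re

# Fixlog exactly as posted in the thread above.
PAGE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-07-2014
Ran by Christian at 2014-07-11 13:15:55 Run:1
Running from C:\Users\Christian\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Advanced Fix 2013
*****************

C:\Program Files\Advanced Fix 2013 => Moved successfully.

==== End of Fixlog ====
"""
# Constructed variant: a second fixlist entry (made-up path) with no result line.
CONSTRUCTED = PAGE_FIXLOG.replace(
    "*****************\n\n", "C:\\Example\\Leftover\n*****************\n\n", 1)
OK_OUTCOME = "Moved successfully."  # the only outcome string shown in the thread

def audit_fixlog(text):
    """Return (requested, confirmed, needs_review) for one Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) < 2:
        raise ValueError("no fixlist section delimited by '*****' lines")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    outcomes = {}
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            outcomes[target.lower()] = outcome  # Windows paths: case-insensitive
    confirmed, needs_review = [], []
    for entry in requested:
        outcome = outcomes.get(entry.lower())
        if outcome == OK_OUTCOME:
            confirmed.append(entry)
        else:
            needs_review.append((entry, outcome or "no result line"))
    return requested, confirmed, needs_review

if __name__ == "__main__":
    for name, log in (("thread", PAGE_FIXLOG), ("constructed", CONSTRUCTED)):
        print(name, audit_fixlog(log)[1:])
```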

12.07.2014, 07:37   #10
schrauber
/// the machine
/// TB-Ausbilder



You're welcome
__________________
Regards,
schrauber
