Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Chrome: Webseiten werden auf Werbung umgeleitet und Pop-Ups (https://www.trojaner-board.de/151599-windows-7-chrome-webseiten-werbung-umgeleitet-pop-ups.html)

Schattenlord 27.03.2014 20:21
Windows 7: Chrome: Webseiten werden auf Werbung umgeleitet und Pop-Ups
 
Hallo liebe/r HelferIn,
seit ein paar Tagen werde ich des Öfteren auf Werbung umgeleitet und es öffnen sich ständig Pop-Ups. Selbst, wenn ich nur in den Browser klicke, um ihn wieder in den Vordergrund zu holen ohne dabei auf einen Link zu klicken, öffnen sich neue Tabs und Pop-Ups. Auf Empfehlung eines Bekannten habe ich mir Malwarebytes Anti-Malware installiert. Diese Programm hat beim nächsten Start von Chrome eine Webseite geblockt und seitdem habe ich auch keine Pop-Ups mehr. Zwischendurch wird mir immer wieder angezeigt, dass etwas geblockt wird. Auch mein Antivir hat angeschlagen. Sowohl mit Antivir, als auch mit Anti-Malware hab ich einen Scan durchgeführt und alle Ergebnisse in die Quarantäne geschoben. Da ich aber nicht nur die Symptome bekämpfen möchte, hoffe ich hier auf Hilfe, den Virus? zu entfernen. Ich habe Anleitung für Hilfesuchende abgearbeitet und hänge nun die Logfiles an:

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:52 on 27/03/2014 (Björn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Björn (administrator) on BJOERN-PC on 27-03-2014 16:55:02
Running from C:\Users\Björn\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\PacFunction\updatePacFunction.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files (x86)\PacFunction\bin\utilPacFunction.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\spotimote\spotimote.exe
(FILSH Media GmbH) D:\Program Files (x86)\FILSHtray\FILSHtray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Users\Björn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVM Berlin) C:\Users\Björn\AppData\Local\Apps\2.0\5QDKRKKY.6PP\PT18AWHJ.ZDC\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\PacFunction\bin\FilterApp_C64.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\PacFunction\bin\XTLSApp.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2012-04-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-04-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] - D:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Steam] - D:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [530E5466CDC257B57ADB6C547F455690AC4E50DE._service_run] - C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Google Update] - C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-28] (Google Inc.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Browser Infrastructure Helper] - C:\Users\Björn\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Björn\AppData\Local\Apps\2.0\5QDKRKKY.6PP\PT18AWHJ.ZDC\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2013-12-22] (AVM Berlin)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Spotify Web Helper] - C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [spotimote] - C:\Program Files (x86)\spotimote\spotimote.exe [2170416 2013-09-23] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\MountPoints2: {259aa72e-8a48-11e1-bcf6-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\MountPoints2: {80f9ed06-eba4-11e1-8fb0-00248c3630cb} - G:\pushinst.exe
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=hp&fr=linkury-tb&installDate=31/05/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x498D64551E6FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/05/2013&type=hp1000
URLSearchHook: HKLM-x32 - (No Name) - {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447} - No File
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/05/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/05/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/05/2013&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=007700248C3630CB&affID=119982&tsp=4981
BHO: HDvid-Codec V9.0 - {11111111-1111-1111-1111-110511131156} - C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho64.dll (installdaddy)
BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HDvid-Codec V9.0 - {11111111-1111-1111-1111-110511131156} - C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll (installdaddy)
BHO-x32: No Name - {31ad400d-1b06-4e33-a59a-90c2c140cba0} -  No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447} -  No File
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {FF65FDBC-5683-4DFD-9113-1FCB5B0A3447} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default
FF user.js: detected! => C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\user.js
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=hp&fr=linkury-tb&installDate=31/05/2013&type=hp1000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=e9086af4-978d-4bd1-a786-e7f8b82eccb6&searchtype=ds&fr=linkury-tb&installDate=31/05/2013&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Björn\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Björn\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\searchplugins\Web Search.xml
FF Extension: LyricsParty - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\128 [2013-08-21]
FF Extension: HDvid-Codec V9.0 - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com [2014-03-08]
FF Extension: Yahoo Community Smartbar - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\{e9086af4-978d-4bd1-a786-e7f8b82eccb6} [2013-09-30]
FF Extension: OneClickDownloader - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\OneClickDownload@OneClickDownload.com.xpi [2013-02-24]
FF Extension: Greasemonkey - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-10-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-04]
FF HKCU\...\Firefox\Extensions: [{ca101f1f-097d-4e2b-939a-b3b54b675d22}] - C:\Program Files (x86)\LyricsParty\133.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync": {
      "acknowledged_types": [ "Bookmarks", "Preferences", "Passwords", "Autofill Profiles", "Autofill", "Themes", "Typed URLs", "Extensions", "Encryption keys", "Search Engines", "Sessions", "Apps", "App Notifications" ],
      "app_notifications": true,
      "app_settings": true,
      "apps": true,
      "autofill": true,
      "autofill_profile": true,
      "bookmarks": true,
      "dictionary": true,
      "encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAI+x3cDgMp0GEhUi93qKcyQAAAAACAAAAAAAQZgAAAAEAACAAAABX+FLpsf50j3w6pKZdwWkypCDw7jPsEEsPtI8wweXelwAAAAAOgAAAAAIAACAAAACRN3E+Qn3ckstjFoaP29b5sbIMVYRwKLHCTuQepZtFq0AAAABFx/k0aiSHY50B8ppOUYdfEQ1+Q0ZuK0ZFd+fSe3d6RIZyBa3znL8Pa27Wzsbs96RI8bnCOOjQgPUAz52tIPOgQAAAAA8lNdlHF5OhPBCkMiKS1sMR26wJRPFrDK1ujIz68nOAlOv6NzzYdroFFLwBGlogCWVnr2Z5qIIg8kpiVqgNeBc=",
      "extension_settings": true,
      "extensions": true,
      "favicon_images": true,
      "favicon_tracking": true,
      "favicons_syncing_enabled": true,
      "has_setup_completed": true,
      "history_delete_directives": true,
      "keep_everything_synced": true,
      "keystore_encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAT4Qd482DY06YQLy4LijftwAAAAACAAAAAAAQZgAAAAEAACAAAACY7HHlaozskLV5L7YLUNFuSasfz0wJ4qDi5vtPpSHd1QAAAAAOgAAAAAIAACAAAABWEtyLqttIbXr2SGefQxhC7WtAlJdMsQULVBYY2f97T1AAAAAKK7SgnXw7ytESygrKdwe2CaKkrqWdJV0FCmQm3OU/vOMP2C+5mcX3elTExUplL6LWTrxmVu1G97IztbBSdspIrjY6B7c6YtHPn+JAmvDXmUAAAABdxpmJlgA541A4rzghKYb/k7N/8SSJ3wCztDS+2OSoL8GXZ7tzHLiWwfe7+W29/xPTpxW+/PeT+5v35BLcyzml",
      "last_synced_time": "13040409204087615",
      "managed_users": true,
      "passwords": true,
      "preferences": true,
      "priority_preferences": true,
      "search_engines": true,
      "session_sync_guid": "session_sync8Ywd7EZOKgfAi+o8QTLbUw==",
      "sessions": true,
      "suppress_start": false,
      "synced_notifications": true,
      "tabs": true,
      "themes": true,
      "typed_urls": true,
      "using_oauth"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-04-28]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-04-19]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-29]
CHR Extension: (Google Cloud Print) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpbihcdnggfkckonfphcpjjckoebebn [2012-04-19]
CHR Extension: (HDvid-Codec V9.0) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilfecopjcmjdgfffklfdkhbkpkmcglh [2014-03-08]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2012-04-19]
CHR Extension: (Google Wallet) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-29]
CHR HKCU\...\Chrome\Extension: [obilhkhfmlggcoildcnoeknaghkiiclj] - C:\Users\Björn\AppData\Local\CRE\obilhkhfmlggcoildcnoeknaghkiiclj.crx [2012-08-02]
CHR HKLM-x32\...\Chrome\Extension: [lmhcioafdnaphcmlajkgbnghloomafka] - C:\Program Files (x86)\LyricsParty\133.crx [2012-08-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [obilhkhfmlggcoildcnoeknaghkiiclj] - C:\Users\Björn\AppData\Local\CRE\obilhkhfmlggcoildcnoeknaghkiiclj.crx [2012-08-02]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [2012-08-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-27] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Update PacFunction; C:\Program Files (x86)\PacFunction\updatePacFunction.exe [348448 2014-03-20] ()
R2 Util PacFunction; C:\Program Files (x86)\PacFunction\bin\utilPacFunction.exe [348448 2014-03-20] ()
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/postgres" -w [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-03-27] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-09] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-31] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 16:55 - 2014-03-27 16:55 - 00033165 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-03-27 16:54 - 2014-03-27 16:55 - 00000000 ____D () C:\FRST
2014-03-27 16:53 - 2014-03-27 16:53 - 02157056 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe
2014-03-27 16:52 - 2014-03-27 16:52 - 00000472 _____ () C:\Users\Björn\Downloads\defogger_disable.log
2014-03-27 16:52 - 2014-03-27 16:52 - 00000168 _____ () C:\Users\Björn\defogger_reenable
2014-03-27 16:51 - 2014-03-27 16:51 - 00050477 _____ () C:\Users\Björn\Downloads\Defogger.exe
2014-03-27 16:47 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Björn\Documents\Geld Björn
2014-03-27 16:47 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Björn\Documents\Dirk JGA
2014-03-27 16:46 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Björn\Desktop\Steffi
2014-03-27 16:41 - 2014-03-27 16:44 - 00000000 ____D () C:\Users\Björn\Documents\Bewerbung Provinzial
2014-03-27 16:37 - 2014-03-27 16:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 16:36 - 2014-03-27 16:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 16:36 - 2014-03-27 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 16:36 - 2014-03-27 16:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 16:36 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 16:36 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 16:36 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 16:34 - 2014-03-27 16:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Björn\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 16:08 - 2014-03-27 16:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-27 16:02 - 2014-03-27 16:02 - 00000056 _____ () C:\Windows\setupact.log
2014-03-27 06:03 - 2014-03-27 06:03 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Avira
2014-03-27 06:02 - 2014-03-27 06:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-27 06:02 - 2014-03-27 06:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 06:02 - 2014-03-27 06:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 06:02 - 2014-03-27 06:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-27 06:02 - 2014-03-27 06:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-27 06:02 - 2014-03-27 06:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-27 05:56 - 2014-03-27 05:56 - 00005636 _____ () C:\Windows\wininit.ini
2014-03-27 05:17 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140327-051759.backup
2014-03-22 09:51 - 2014-03-22 09:51 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-20 00:25 - 2014-03-20 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 15:52 - 2014-03-19 15:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-19 15:52 - 2014-03-19 15:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-18 16:45 - 2014-03-18 16:45 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51 (1).exe
2014-03-18 16:38 - 2014-03-18 16:38 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51.exe
2014-03-16 16:48 - 2014-03-16 16:58 - 00000000 ____D () C:\Users\Björn\Documents\Ordnungsamt
2014-03-14 02:16 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 02:16 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 02:16 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 02:16 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 02:16 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 02:16 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 02:16 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 02:16 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 02:16 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 02:16 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 02:16 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 02:16 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 02:16 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 02:16 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 02:16 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 02:16 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 02:16 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 02:16 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 02:16 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 02:16 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 02:16 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 02:16 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 02:16 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 02:16 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 02:16 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 02:16 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 02:16 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 02:16 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 02:16 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 02:16 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 02:16 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 02:16 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 02:16 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 02:16 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 02:16 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 02:16 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 02:16 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 02:16 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 02:16 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 02:16 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 02:16 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 02:16 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 02:16 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 02:16 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 02:15 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 02:15 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 02:15 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 02:15 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-08 17:10 - 2014-03-08 17:10 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-08 17:10 - 2012-04-09 00:40 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-03-08 17:09 - 2014-03-27 16:02 - 00003112 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
2014-03-08 17:09 - 2014-03-27 16:02 - 00002426 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
2014-03-08 17:09 - 2014-03-27 16:02 - 00001538 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-updater.job
2014-03-08 17:09 - 2014-03-27 16:02 - 00001484 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job
2014-03-08 17:09 - 2014-03-27 16:02 - 00001372 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job
2014-03-08 17:09 - 2014-03-10 13:25 - 00000000 ____D () C:\Program Files (x86)\PacFunction
2014-03-08 17:09 - 2014-03-08 17:09 - 00004568 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-updater
2014-03-08 17:09 - 2014-03-08 17:09 - 00004514 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-codedownloader
2014-03-08 17:09 - 2014-03-08 17:09 - 00004402 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-enabler
2014-03-08 17:09 - 2014-03-08 17:09 - 00000000 ____D () C:\Program Files (x86)\HDvid-Codec V9.0
2014-03-08 17:08 - 2014-03-08 17:09 - 00000000 ____D () C:\Program Files (x86)\hdvidcodec.com
2014-03-08 17:08 - 2014-03-08 17:08 - 00541512 _____ () C:\Users\Björn\Downloads\HDvid-codec-Chrome.exe
2014-03-06 20:36 - 2014-03-06 20:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 20:36 - 2014-03-06 20:36 - 00000000 ____D () C:\Users\Björn\AppData\Local\Skype
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 23:23 - 2014-03-02 23:23 - 00000276 _____ () C:\SSUUpdater.log
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn
2014-03-02 23:05 - 2014-03-02 23:05 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-03-02 23:04 - 2014-03-02 23:05 - 19565208 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Streamer_WIN_v2.5.0.1.EXE
2014-03-02 23:01 - 2014-03-02 23:05 - 00000000 ____D () C:\ProgramData\Splashtop
2014-03-02 22:58 - 2014-03-02 22:59 - 11239624 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Personal_Win_v2.4.5.2.exe

==================== One Month Modified Files and Folders =======

2014-03-27 16:55 - 2014-03-27 16:55 - 00033165 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-03-27 16:55 - 2014-03-27 16:54 - 00000000 ____D () C:\FRST
2014-03-27 16:53 - 2014-03-27 16:53 - 02157056 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe
2014-03-27 16:52 - 2014-03-27 16:52 - 00000472 _____ () C:\Users\Björn\Downloads\defogger_disable.log
2014-03-27 16:52 - 2014-03-27 16:52 - 00000168 _____ () C:\Users\Björn\defogger_reenable
2014-03-27 16:52 - 2012-04-19 18:57 - 00000000 ____D () C:\Users\Björn
2014-03-27 16:51 - 2014-03-27 16:51 - 00050477 _____ () C:\Users\Björn\Downloads\Defogger.exe
2014-03-27 16:48 - 2012-04-19 22:23 - 00000000 ____D () C:\Users\Björn\Documents\Studium
2014-03-27 16:47 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Björn\Documents\Geld Björn
2014-03-27 16:47 - 2014-03-27 16:47 - 00000000 ____D () C:\Users\Björn\Documents\Dirk JGA
2014-03-27 16:47 - 2014-03-27 16:46 - 00000000 ____D () C:\Users\Björn\Desktop\Steffi
2014-03-27 16:44 - 2014-03-27 16:41 - 00000000 ____D () C:\Users\Björn\Documents\Bewerbung Provinzial
2014-03-27 16:42 - 2012-04-19 19:40 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Dropbox
2014-03-27 16:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-27 16:37 - 2014-03-27 16:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 16:36 - 2014-03-27 16:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 16:36 - 2014-03-27 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 16:36 - 2014-03-27 16:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 16:34 - 2014-03-27 16:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Björn\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 16:32 - 2013-12-22 17:20 - 00000000 ____D () C:\Users\Björn\AppData\Local\Battle.net
2014-03-27 16:25 - 2012-07-31 14:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 16:24 - 2012-11-28 22:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA.job
2014-03-27 16:09 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 16:09 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 16:08 - 2014-03-27 16:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-27 16:08 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-03-27 16:08 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-03-27 16:08 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-27 16:05 - 2012-04-19 18:57 - 01803274 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 16:03 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-27 16:02 - 2014-03-27 16:02 - 00000056 _____ () C:\Windows\setupact.log
2014-03-27 16:02 - 2014-03-08 17:09 - 00003112 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
2014-03-27 16:02 - 2014-03-08 17:09 - 00002426 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
2014-03-27 16:02 - 2014-03-08 17:09 - 00001538 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-updater.job
2014-03-27 16:02 - 2014-03-08 17:09 - 00001484 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job
2014-03-27 16:02 - 2014-03-08 17:09 - 00001372 _____ () C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job
2014-03-27 16:02 - 2013-05-31 16:15 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-27 16:02 - 2012-06-15 16:18 - 00000000 ____D () C:\Users\Björn\.rainlendar2
2014-03-27 16:02 - 2012-04-22 01:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 16:02 - 2012-04-19 21:49 - 00000000 ____D () C:\postgres
2014-03-27 16:02 - 2012-04-19 19:46 - 00341770 _____ () C:\Windows\PFRO.log
2014-03-27 16:02 - 2012-04-19 19:42 - 00000000 ___RD () C:\Users\Björn\Dropbox
2014-03-27 16:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 16:02 - 2009-07-14 03:34 - 00000678 _____ () C:\Windows\win.ini
2014-03-27 06:03 - 2014-03-27 06:03 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Avira
2014-03-27 06:02 - 2014-03-27 06:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-27 06:02 - 2014-03-27 06:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 06:02 - 2014-03-27 06:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 06:00 - 2014-03-27 06:02 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-27 06:00 - 2014-03-27 06:02 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-27 06:00 - 2014-03-27 06:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-27 05:56 - 2014-03-27 05:56 - 00005636 _____ () C:\Windows\wininit.ini
2014-03-27 05:06 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-26 22:32 - 2014-02-03 17:38 - 00011039 _____ () C:\Users\Björn\Desktop\Essen.xlsx
2014-03-26 15:23 - 2012-11-28 22:43 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core.job
2014-03-26 11:50 - 2012-04-19 21:52 - 00000000 ____D () C:\Users\postgres
2014-03-23 23:21 - 2012-04-19 22:18 - 00000000 ____D () C:\Users\Björn\AppData\Local\PokerStars.EU
2014-03-23 23:20 - 2013-11-27 23:52 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-03-23 19:47 - 2013-10-27 11:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 20:25 - 2013-12-22 17:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 09:51 - 2014-03-22 09:51 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-21 19:02 - 2012-08-07 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 22:57 - 2014-03-20 00:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-20 00:43 - 2013-10-20 20:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Spotify
2014-03-20 00:43 - 2013-10-20 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Spotify
2014-03-19 15:52 - 2014-03-19 15:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-19 15:52 - 2014-03-19 15:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-19 03:01 - 2013-08-14 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2012-04-19 19:12 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 16:45 - 2014-03-18 16:45 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51 (1).exe
2014-03-18 16:38 - 2014-03-18 16:38 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51.exe
2014-03-17 10:22 - 2012-04-19 23:21 - 00000000 ____D () C:\Users\Björn\AppData\Local\Deployment
2014-03-16 16:58 - 2014-03-16 16:48 - 00000000 ____D () C:\Users\Björn\Documents\Ordnungsamt
2014-03-16 16:48 - 2012-04-19 22:23 - 00000000 ____D () C:\Users\Björn\Documents\GEZ
2014-03-14 18:02 - 2013-12-22 17:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 03:18 - 2012-05-19 12:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:18 - 2012-05-19 12:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 03:18 - 2009-07-14 05:45 - 00419896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 03:02 - 2012-04-23 22:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 01:47 - 2012-05-14 18:04 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-12 21:25 - 2012-07-31 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:25 - 2012-07-31 14:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 21:25 - 2012-07-31 14:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 13:25 - 2014-03-08 17:09 - 00000000 ____D () C:\Program Files (x86)\PacFunction
2014-03-09 03:06 - 2012-04-19 19:23 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Skype
2014-03-09 02:01 - 2012-04-19 18:57 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 17:10 - 2014-03-08 17:10 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-08 17:09 - 2014-03-08 17:09 - 00004568 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-updater
2014-03-08 17:09 - 2014-03-08 17:09 - 00004514 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-codedownloader
2014-03-08 17:09 - 2014-03-08 17:09 - 00004402 _____ () C:\Windows\System32\Tasks\HDvid-Codec V9.0-enabler
2014-03-08 17:09 - 2014-03-08 17:09 - 00000000 ____D () C:\Program Files (x86)\HDvid-Codec V9.0
2014-03-08 17:09 - 2014-03-08 17:08 - 00000000 ____D () C:\Program Files (x86)\hdvidcodec.com
2014-03-08 17:08 - 2014-03-08 17:08 - 00541512 _____ () C:\Users\Björn\Downloads\HDvid-codec-Chrome.exe
2014-03-06 20:36 - 2014-03-06 20:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 20:36 - 2014-03-06 20:36 - 00000000 ____D () C:\Users\Björn\AppData\Local\Skype
2014-03-06 20:36 - 2012-04-19 19:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-03-27 16:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-27 16:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-27 16:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 12:56 - 2014-03-04 12:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-04 12:56 - 2012-09-18 09:38 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 01:44 - 2012-05-11 11:25 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\vlc
2014-03-04 01:06 - 2012-05-11 11:26 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\dvdcss
2014-03-03 18:13 - 2012-04-19 21:28 - 00000000 ____D () C:\Users\Björn\AppData\Local\PMB Files
2014-03-03 18:13 - 2012-04-19 21:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-02 23:23 - 2014-03-02 23:23 - 00000276 _____ () C:\SSUUpdater.log
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-02 23:06 - 2014-03-02 23:06 - 00000000 ____D () C:\Users\Björn
2014-03-02 23:05 - 2014-03-02 23:05 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-03-02 23:05 - 2014-03-02 23:04 - 19565208 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Streamer_WIN_v2.5.0.1.EXE
2014-03-02 23:05 - 2014-03-02 23:01 - 00000000 ____D () C:\ProgramData\Splashtop
2014-03-02 22:59 - 2014-03-02 22:58 - 11239624 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Personal_Win_v2.4.5.2.exe
2014-03-01 07:05 - 2014-03-14 02:16 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 02:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 02:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 02:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 02:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 02:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 02:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 02:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 02:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 02:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 02:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 02:16 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 02:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 02:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 02:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 02:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 02:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 02:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 02:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 02:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 02:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 02:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 02:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 02:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 02:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 02:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 02:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 02:16 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 02:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 02:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 02:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 02:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 02:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 02:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 02:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 02:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 02:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 02:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 02:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 03:01 - 2012-04-19 23:15 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Björn\limboole.exe


Some content of TEMP:
====================
C:\Users\Björn\AppData\Local\Temp\avgnt.exe
C:\Users\Björn\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 01:13

==================== End Of Log ============================
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Björn at 2014-03-27 16:55:32
Running from C:\Users\Björn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FILSHtray (HKLM-x32\...\{0844CC2A-512E-4BA1-872B-02887E7A2672}) (Version: 0.12 - FILSH Media GmbH)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.11.26.706 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.26.706 - DVDVideoSoft Ltd.)
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
HDVidCodec (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
HDvid-Codec V9.0 (HKLM-x32\...\HDvid-Codec V9.0) (Version: 1.34.2.13 - installdaddy)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version:  - )
ICM Trainer Light (HKLM-x32\...\{3C630BB8-692D-4495-A0BD-40336CD51F99}) (Version: 1.4 - PokerStrategy.com)
Icy Tower Toolbar (HKLM-x32\...\Icy_Tower Toolbar) (Version: 6.9.0.16 - Icy Tower)
IDroo 1.0.0.154 (HKLM-x32\...\IDroo) (Version: 1.0.0.154 - Iteral Group Ltd)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.3.1.429 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PacFunction (HKLM\...\PacFunction) (Version: 2014.03.05.221816 - PacFunction)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{4C454033-8240-425E-A170-1C648FCB74FD}) (Version: 1.2.6.0 - PokerStrategy.com)
PokerStrategy.com SideKick (HKCU\...\5e9f0bf649a2dbca) (Version: 2.0.1220.2 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.0.1 - Splashtop Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
spotimote (HKLM-x32\...\spotimote) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TableNinja (HKLM-x32\...\{07390157-76DC-448B-B756-6022DF5BEF7A}) (Version: 1.2.157 - ALXSoftware)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24848 - TeamViewer)
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Yahoo Community Smartbar (HKLM-x32\...\{9E105931-898D-457E-B175-7F422AA0A5E3}) (Version: 1.51.66.11081 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{32b2b04b-cd4d-4137-8737-64b555d1d3b5}) (Version: 1.51.66.11081 - Linkury Inc.) <==== ATTENTION
yEd Graph Editor 3.9.1 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.9.1 - yWorks GmbH)

==================== Restore Points  =========================

19-03-2014 02:00:10 Windows Update
25-03-2014 10:16:34 Windows Update

==================== Hosts content: ==========================

2012-04-19 20:09 - 2014-03-27 05:17 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {174D55F8-178C-4B83-ADF5-57A74FAB1938} - System32\Tasks\HDvid-Codec V9.0-enabler => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe [2014-03-08] (installdaddy)
Task: {1CD8EFA5-0089-4B2D-AA43-92A062FF4BD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {373A5D9B-59A2-4307-9023-3C04E704A172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {497A7AB9-DF3B-4E35-AEA9-86F4DE886997} - System32\Tasks\HDvid-Codec V9.0-chromeinstaller => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe [2014-03-08] (installdaddy)
Task: {5EFB2BC4-6F38-42BE-ADE5-809BABB41B62} - System32\Tasks\HDvid-Codec V9.0-updater => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe [2014-03-08] (installdaddy)
Task: {94C82FDB-73A2-48B0-95DC-B4261A20D219} - System32\Tasks\HDvid-Codec V9.0-firefoxinstaller => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe [2014-03-08] (installdaddy)
Task: {9ABE94C0-9822-4D50-AD27-088AEE7BB3A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {AF9B10BB-2FAC-4EB5-8AF9-3ABB06632A3C} - System32\Tasks\HDvid-Codec V9.0-codedownloader => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe [2014-03-08] (installdaddy)
Task: {BBE1AF83-C9CC-4C4B-8E6F-6E7A951FB875} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {BEB9773C-1037-478A-8159-1829424C9B18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {D740E83C-9276-48D6-87CC-17B648BF4765} - System32\Tasks\MATLAB R2012b Startup Accelerator => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {DD416370-D102-4F09-BC39-D95C10043569} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FD59E472-9C22-4295-9C30-3F65C2664A1F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core.job => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA.job => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-codedownloader.job => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-enabler.job => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe
Task: C:\Windows\Tasks\HDvid-Codec V9.0-updater.job => C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2014-03-05 23:24 - 2014-03-20 13:17 - 00348448 _____ () C:\Program Files (x86)\PacFunction\updatePacFunction.exe
2014-03-08 18:12 - 2014-03-20 12:37 - 00348448 _____ () C:\Program Files (x86)\PacFunction\bin\utilPacFunction.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-04-19 23:27 - 2012-02-17 19:55 - 00193536 _____ () D:\Program Files\WinRAR\rarext.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-08-12 06:45 - 2011-08-12 06:45 - 02433024 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-09-23 21:23 - 2013-09-23 21:23 - 02170416 _____ () C:\Program Files (x86)\spotimote\spotimote.exe
2012-11-30 03:06 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-22 09:51 - 2014-03-22 09:51 - 00287008 _____ () C:\Program Files (x86)\PacFunction\bin\FilterApp_C64.exe
2014-03-19 16:20 - 2014-03-25 22:39 - 00078624 _____ () C:\Program Files (x86)\PacFunction\bin\XTLSApp.exe
2014-03-27 06:02 - 2014-03-27 06:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-19 21:47 - 2012-02-24 08:25 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2013-01-09 01:25 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-09 01:25 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-09 01:25 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-09 01:25 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-09 01:25 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2012-04-19 21:47 - 2009-02-12 20:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2012-04-19 21:47 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2013-09-23 21:23 - 2013-09-23 21:23 - 00084528 _____ () C:\Program Files (x86)\spotimote\msgdll.dll
2014-01-08 19:19 - 2013-12-12 23:19 - 00142848 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 19:19 - 2013-11-05 02:12 - 00890592 _____ () D:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 17:10 - 2014-02-11 03:34 - 00751616 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-01-09 23:02 - 2014-02-25 22:57 - 01135296 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-09 23:02 - 2014-01-11 00:33 - 20625832 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-09 23:02 - 2013-06-15 00:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-09 23:02 - 2013-06-15 00:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-09 23:02 - 2013-06-15 00:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 00051016 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00126976 _____ () C:\Program Files (x86)\Rainlendar2\lua51.dll
2011-08-12 06:45 - 2011-08-12 06:45 - 00198144 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:20 - 2010-05-23 19:20 - 00012288 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-05-03 22:31 - 2013-05-03 22:31 - 01477840 _____ () C:\Program Files (x86)\spotimote\libspotify.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Björn\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-01-09 01:25 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-19 16:20 - 2014-03-25 22:39 - 00179488 _____ () C:\Program Files (x86)\PacFunction\bin\xtlsapp.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-15 14:26 - 2014-03-15 01:50 - 00716616 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 00100168 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 04061000 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 00394568 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 01647432 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 14:26 - 2014-03-15 01:50 - 13637448 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: PokerStrategy.com SideKick => "C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 04:02:53 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/27/2014 05:07:04 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/27/2014 05:06:41 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:58:07 AM) (Source: Application Hang) (User: )
Description: Programm Battle.net.exe, Version 1.0.10.4336 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1dd0

Startzeit: 01cf4970a1a377a3

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\Battle.net\Battle.net.4336\Battle.net.exe

Berichts-ID: ff2afca5-b563-11e3-98b8-00248c3630cb

Error: (03/27/2014 04:57:01 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/27/2014 04:56:42 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 03:09:25 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/26/2014 09:18:22 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/26/2014 11:54:38 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/26/2014 11:50:43 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (03/27/2014 04:04:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/27/2014 04:04:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/27/2014 05:08:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/27/2014 05:08:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/27/2014 05:06:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/27/2014 05:06:38 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎03.‎2014 um 05:05:28 unerwartet heruntergefahren.

Error: (03/27/2014 04:58:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/27/2014 04:58:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/27/2014 04:56:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/27/2014 04:56:39 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎03.‎2014 um 03:16:11 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/27/2014 04:02:53 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/27/2014 05:07:04 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/27/2014 05:06:41 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 04:58:07 AM) (Source: Application Hang)(User: )
Description: Battle.net.exe1.0.10.43361dd001cf4970a1a377a33C:\Program Files (x86)\Battle.net\Battle.net.4336\Battle.net.exeff2afca5-b563-11e3-98b8-00248c3630cb

Error: (03/27/2014 04:57:01 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/27/2014 04:56:42 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/27/2014 03:09:25 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/26/2014 09:18:22 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/26/2014 11:54:38 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/26/2014 11:50:43 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
  Date: 2013-02-14 11:53:05.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:05.286
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:03.217
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:03.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:01.080
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:01.020
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:58.949
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:58.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:56.824
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:56.766
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 4095.05 MB
Available physical RAM: 998.84 MB
Total Pagefile: 8188.28 MB
Available Pagefile: 3809.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.68 GB) (Free:21.05 GB) NTFS
Drive d: () (Fixed) (Total:683.5 GB) (Free:658.76 GB) NTFS
Drive e: () (Fixed) (Total:247.92 GB) (Free:247.82 GB) NTFS
Drive f: (CALIFORNICATION_SEASON_1_DISC_1) (CDROM) (Total:7.5 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 157B2201)
Partition 1: (Not Active) - (Size=168 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 78BC26E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=248 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER.log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-27 17:07:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7 OCZ-AGILITY3 rev.2.15 167,68GB
Running: 3cwjsxg5.exe; Driver: C:\Users\BJRN~1\AppData\Local\Temp\kxdiipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                    fffff80002fee000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                    fffff80002fee02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075cf1465 2 bytes [CF, 75]
.text    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075cf14bb 2 bytes [CF, 75]
.text    ...                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000075cf1465 2 bytes [CF, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000075cf14bb 2 bytes [CF, 75]
.text    ...                                                                                                                                    * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[8092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075cf1465 2 bytes [CF, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[8092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075cf14bb 2 bytes [CF, 75]
.text    ...                                                                                                                                    * 2
?        C:\Windows\system32\mssprxy.dll [8092] entry point in ".rdata" section                                                                000000005d8571e6

---- EOF - GMER 2.1 ----
Antivir & Anti-Malware: Als zip angehängt, weil der Beitrag zu lang wurde

Ich bedanke mich schon jetzt für die für mich aufgebrachte Arbeit und Zeit.

Gruß,
Björn

M-K-D-B 27.03.2014 21:05
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.








Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek.

Schattenlord 27.03.2014 23:48
Hallo Matthias,
Danke für die Hilfe. Ich habe eine Frage zu Schritt 3. Wie ich bereits im Start Post schrieb, habe ich dieses Programm schon installiert, soll ich es deinstallieren und neu runter laden oder einfach nur mit dem bestehenden Programm die Schritte durchführen?
LG,
Björn

M-K-D-B 28.03.2014 19:27
Servus,


mit dem bestehenden Programm die Schritte durchführen. :)

Schattenlord 28.03.2014 20:10
Hallo Matthias,
anbei die gewünschten Log Dateien :)
adwCleaner[S1]:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 27/03/2014 um 23:37:07
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Björn - BJOERN-PC
# Gestartet von : C:\Users\Björn\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Splashtop

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\5b6d9deb668b915
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2928751
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF65FDBC-5683-4DFD-9113-1FCB5B0A3447}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A85489D8-9FB7-4AD9-93EE-CD7E5B3B15C2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE93F30A-4DCE-4FA3-9D01-6941E7EF07D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E567812A-BD95-494A-AE1A-66BF953152FB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FF65FDBC-5683-4DFD-9113-1FCB5B0A3447}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FF65FDBC-5683-4DFD-9113-1FCB5B0A3447}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FF65FDBC-5683-4DFD-9113-1FCB5B0A3447}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Splashtop Inc.
Schlüssel Gelöscht : HKCU\Software\TENCENT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyricsparty
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Icy_Tower
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Splashtop Inc.
Schlüssel Gelöscht : HKLM\Software\Icy_Tower
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Icy_Tower Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v24.0 (en-US)

[ Datei : C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\prefs.js ]

Zeile gelöscht : user_pref("CT2832595.FirstTime", "true");
Zeile gelöscht : user_pref("CT2832595.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2832595.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2832595.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2832595.UserID", "UN52039384870627798");
Zeile gelöscht : user_pref("CT2832595.activeToolbar.enc", "c3RhZW1tZQ==");
Zeile gelöscht : user_pref("CT2832595.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2832595.countryCode", "DE");
Zeile gelöscht : user_pref("CT2832595.enableAlerts", "never");
Zeile gelöscht : user_pref("CT2832595.enableFix404ByUser", "FALSE");
Zeile gelöscht : user_pref("CT2832595.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2832595.fixPageNotFoundErrorByUser", "TRUE");
Zeile gelöscht : user_pref("CT2832595.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2832595.fixUrls", true);
Zeile gelöscht : user_pref("CT2832595.fullUserID", "UN52039384870627798.UP.20130728130217");
Zeile gelöscht : user_pref("CT2832595.homepageuserchanged", true);
Zeile gelöscht : user_pref("CT2832595.hxxp___toolbar_innogames_de_toolbars_flags.APP_WIN_FEATURES", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZWJ1dHRvbj1ubywg[...]
Zeile gelöscht : user_pref("CT2832595.hxxp___toolbar_innogames_de_toolbars_staemme.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZWJ1dHRvbj[...]
Zeile gelöscht : user_pref("CT2832595.hxxp___toolbar_innogames_de_toolbars_switch.APP_WIN_FEATURES", "cmVzaXphYmxlPW5vLCBzYXZlcmVzaXplZHNpemU9bm8sIGhzY3JvbGw9bm8sIHZzY3JvbGw9bm8sIHRpdGxlYmFyPW5vLCBjbG9zZW9uZXh0ZXJuYWx[...]
Zeile gelöscht : user_pref("CT2832595.installType", "DirectDownload");
Zeile gelöscht : user_pref("CT2832595.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2832595.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2832595.isNewTabEnabled", false);
Zeile gelöscht : user_pref("CT2832595.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2832595.lastVersion", "10.16.9.506");
Zeile gelöscht : user_pref("CT2832595.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2832595.search.searchAppId", "129333561190981396");
Zeile gelöscht : user_pref("CT2832595.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2832595.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT2832595.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2832595.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2832595.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_Configuration_lastUpdate", "1375206499459");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375009458381");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_appsMetadata_lastUpdate", "1375206499112");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375009458311");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_location_lastUpdate", "1373412345753");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.13.1.89_lastUpdate", "1352675538999");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359439471849");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.14.370.524_lastUpdate", "1370971764622");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362905432637");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373412345590");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_10.16.7.524_lastUpdate", "1375206499186");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_login_lastUpdate", "1352754988964");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375009458353");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_searchAPI_lastUpdate", "1375206499135");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_serviceMap_lastUpdate", "1375206499061");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375009458226");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_toolbarSettings_lastUpdate", "1375213699262");
Zeile gelöscht : user_pref("CT2832595.serviceLayer_services_translation_lastUpdate", "1375206499365");
Zeile gelöscht : user_pref("CT2832595.settingsINI", true);
Zeile gelöscht : user_pref("CT2832595.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2832595.smartbar.CTID", "CT2832595");
Zeile gelöscht : user_pref("CT2832595.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2832595.smartbar.toolbarName", "InnoGames International ");
Zeile gelöscht : user_pref("CT2832595.staemme_market.enc", "ZGU=");
Zeile gelöscht : user_pref("CT2832595.staemme_username_en", "VTJOb1lYUjBaVzVzYjNKa09UST0=");
Zeile gelöscht : user_pref("CT2832595.staemme_village_de84.enc", "MTEyMTI2");
Zeile gelöscht : user_pref("CT2832595.toolbarBornServerTime", "7-9-2012");
Zeile gelöscht : user_pref("CT2832595.toolbarCurrentServerTime", "30-7-2013");
Zeile gelöscht : user_pref("CT2832595.toolbarLoginClientTime", "Thu Mar 14 2013 17:12:08 GMT+0100");
Zeile gelöscht : user_pref("CT2832595.toolbarUrl.enc", "aHR0cDovL3Rvb2xiYXIuaW5ub2dhbWVzLmRlL3Rvb2xiYXJzL3N0YWVtbWUvdG9vbGJhci5waHA=");
Zeile gelöscht : user_pref("CT2832595.toolbar_market.enc", "ZGU=");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "yahoooc");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "e9086af4-978d-4bd1-a786-e7f8b82eccb6");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "31/05/2013");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "yahoooc");
Zeile gelöscht : user_pref("extensions.helperbar.type", "hp1000");
Zeile gelöscht : user_pref("smartbar.machineId", "NVVZX4IJEC5ZWH3T8KARERQVVTS0SURDNJ7T/YXT3U7WP3+XWNV+IKZWBABIFNFF4W2ZB0NG8S7EJH/ZHKTVLG");

-\\ Google Chrome v

[ Datei : C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19163 octets] - [27/03/2014 23:35:16]
AdwCleaner[R1].txt - [16391 octets] - [27/03/2014 23:36:32]
AdwCleaner[S0].txt - [2843 octets] - [27/03/2014 23:35:57]
AdwCleaner[S1].txt - [15591 octets] - [27/03/2014 23:37:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15652 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Bj”rn on 27.03.2014 at 23:40:52,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3093385529-1678394880-1889526415-1001\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\Bj”rn\appdata\local\google\chrome\user data\default\local storage\http_start.iminent.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Bj”rn\appdata\local\google\chrome\user data\default\local storage\http_start.iminent.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Bj”rn\appdata\local\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Bj”rn\AppData\Roaming\mozilla\firefox\profiles\53h5f9ae.default\prefs.js

user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.name", "HDvid-Codec V9.0");
Emptied folder: C:\Users\Bj”rn\AppData\Roaming\mozilla\firefox\profiles\53h5f9ae.default\minidumps [63 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2014 at 23:46:24,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.03.2014
Suchlauf-Zeit: 19:48:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.28.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Björn

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323389
Verstrichene Zeit: 8 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
zoek-result:
Code:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Bj”rn on 28.03.2014 at 19:50:37,50.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\BJRN~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28.03.2014 19:51:28 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3093385529-1678394880-1889526415-1001\Software\Mozilla\Firefox\Extensions\{ca101f1f-097d-4e2b-939a-b3b54b675d22} deleted successfully
HKEY_USERS\S-1-5-21-3093385529-1678394880-1889526415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\{ca101f1f-097d-4e2b-939a-b3b54b675d22} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\prefs.js:
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");

Added to C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\BJRN~1\AppData\Roaming\Thunderbird\Profiles\bzawikeo.default\prefs.js:

Added to C:\Users\BJRN~1\AppData\Roaming\Thunderbird\Profiles\bzawikeo.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default

user.js not found
---- Lines OneClickDownload removed from prefs.js ----
user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:
user_pref("extensions.OneClickDownload.filter", "filter:1,3");
---- Lines OneClickDownload modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\
---- Lines afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356 removed from prefs.js ----
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.active", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.addressbar", "NA");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.addressbarenhanced", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncdb.was_copied", "true");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncdb_dbWasSet", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncinternaldb.was_copied", "true");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncinternaldb_dbWasSet", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.backgroundver", 2);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.certdomaininstaller", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.changeprevious", false);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.au.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.au.value", "%222014-3-23%22");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.cnt.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.cnt.value", "%22DE%22");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.first_run.expiration", "Fri Feb 01 2030 0
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.first_run.value", "%221%22");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.install.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.install.value", "%222014-3-23%22");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.InstallationTime.value", "%221394294937%2
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.testingGaq.expiration", "Fri Feb 01 2030
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.cookie.testingGaq.value", "%22http%3A//extclickm
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.description", "HDVid Codec - Enjoy the future of
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.domain", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.enablesearch", false);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.homepage", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.iframe", false);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.InstallationThankYouPage", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.InstallationTime", 1394294937);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_bundledUrls.value
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_appVer.value", "26");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_nextCheck.expiration", "Mon
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.lastDailyReport", "1395598950651");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.lastUpdate", "1395598949597");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.manifesturl", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.newtab", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.opensearch", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.pluginsversion", 22);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.publisher", "installdaddy");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.searchstatus", 0);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.setnewtab", false);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.thankyou", "");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.updateinterval", 360);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.51356.ver", 26);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.apps", "51356");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.bic", "144f02df54969c62d8158517ecc1b61b");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.cid", 51356);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.FilesValidatorDueTime", "1395599007128");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.firstrun", false);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.hadappinstalled", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.installationdate", 1395598948);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.modetype", "production");
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.reportInstall", true);
user_pref("extensions.afca3238e0f5246348e93c36d211b2ea9c1c012cf93b0488ea2c5453d23bec199com51356.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs__2000_.backup

ProfilePath: C:\Users\BJRN~1\AppData\Roaming\Thunderbird\Profiles\bzawikeo.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__2000_.backup

==== Deleting Files \ Folders ======================

C:\Users\Björn\AppData\Local\avgchrome not found
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\BJRN~1\Downloads\SideKickSetup (1).exe deleted
C:\Users\BJRN~1\Downloads\SideKickSetup.exe deleted
C:\Users\BJRN~1\Downloads\FreeYouTubeToMP3Converter31126.exe deleted
C:\Windows\wininit.ini deleted
C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\jetpack deleted
C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\CT2832595 deleted
C:\Users\BJRN~1\limboole.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [04.03.2013 15:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BJRN~1\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default
- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Undetermined - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\extensions\{e9086af4-978d-4bd1-a786-e7f8b82eccb6}
- Undetermined - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\extensions\fca3238e-0f52-4634-8e93-c36d211b2ea9@c1c012cf-93b0-488e-a2c5-453d23bec199.com
- Yahoo Community Smartbar - %ProfilePath%\extensions\{e9086af4-978d-4bd1-a786-e7f8b82eccb6}
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ProfilePath: C:\Users\BJRN~1\AppData\Roaming\Thunderbird\Profiles\bzawikeo.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
- Zindus - %ProfilePath%\extensions\{ad7d8a66-253b-11dc-977c-000c29a3126e}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lmhcioafdnaphcmlajkgbnghloomafka - C:\Program Files (x86)\LyricsParty\133.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07.02.2013 06:47]
obilhkhfmlggcoildcnoeknaghkiiclj - C:\Users\Bj”rn\AppData\Local\CRE\obilhkhfmlggcoildcnoeknaghkiiclj.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
obilhkhfmlggcoildcnoeknaghkiiclj - C:\Users\Bj”rn\AppData\Local\CRE\obilhkhfmlggcoildcnoeknaghkiiclj.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lmhcioafdnaphcmlajkgbnghloomafka deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\obilhkhfmlggcoildcnoeknaghkiiclj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\obilhkhfmlggcoildcnoeknaghkiiclj deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Björn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Björn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Björn\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Björn\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=194 folders=20 52028644 bytes)

==== Empty Temp Folders ======================

C:\Users\Björn\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BJRN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28.03.2014 at 20:07:05,16 ======================
LG,
Björn

M-K-D-B 29.03.2014 20:20
Servus,



Wir spüren die letzten Reste auf, damit wir sie später entfernen können:





Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.





Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    Conduit
    LyricsParty
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.








Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?





Bitte poste mit deiner nächsten Antwort
  • die zwei Logdateien von FRST,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.

Schattenlord 30.03.2014 05:42
Hallo,
danke nochmals, hier die Logs:

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Björn (administrator) on BJOERN-PC on 30-03-2014 06:35:10
Running from C:\Users\Björn\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\spotimote\spotimote.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(FILSH Media GmbH) D:\Program Files (x86)\FILSHtray\FILSHtray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Users\Björn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AVM Berlin) C:\Users\Björn\AppData\Local\Apps\2.0\5QDKRKKY.6PP\PT18AWHJ.ZDC\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2012-04-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2012-04-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] - D:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Steam] - D:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [530E5466CDC257B57ADB6C547F455690AC4E50DE._service_run] - C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2433024 2011-08-12] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Google Update] - C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-28] (Google Inc.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Björn\AppData\Local\Apps\2.0\5QDKRKKY.6PP\PT18AWHJ.ZDC\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2013-12-22] (AVM Berlin)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Spotify Web Helper] - C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [spotimote] - C:\Program Files (x86)\spotimote\spotimote.exe [2170416 2013-09-23] ()
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\MountPoints2: {259aa72e-8a48-11e1-bcf6-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\...\MountPoints2: {80f9ed06-eba4-11e1-8fb0-00248c3630cb} - G:\pushinst.exe
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Björn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x498D64551E6FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Björn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Björn\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo Community Smartbar - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\{e9086af4-978d-4bd1-a786-e7f8b82eccb6} [2013-09-30]
FF Extension: Greasemonkey - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-10-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "sync": {
      "acknowledged_types": [ "Bookmarks", "Preferences", "Passwords", "Autofill Profiles", "Autofill", "Themes", "Typed URLs", "Extensions", "Encryption keys", "Search Engines", "Sessions", "Apps", "App Notifications" ],
      "app_notifications": true,
      "app_settings": true,
      "apps": true,
      "autofill": true,
      "autofill_profile": true,
      "bookmarks": true,
      "dictionary": true,
      "encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAI+x3cDgMp0GEhUi93qKcyQAAAAACAAAAAAAQZgAAAAEAACAAAABX+FLpsf50j3w6pKZdwWkypCDw7jPsEEsPtI8wweXelwAAAAAOgAAAAAIAACAAAACRN3E+Qn3ckstjFoaP29b5sbIMVYRwKLHCTuQepZtFq0AAAABFx/k0aiSHY50B8ppOUYdfEQ1+Q0ZuK0ZFd+fSe3d6RIZyBa3znL8Pa27Wzsbs96RI8bnCOOjQgPUAz52tIPOgQAAAAA8lNdlHF5OhPBCkMiKS1sMR26wJRPFrDK1ujIz68nOAlOv6NzzYdroFFLwBGlogCWVnr2Z5qIIg8kpiVqgNeBc=",
      "extension_settings": true,
      "extensions": true,
      "favicon_images": true,
      "favicon_tracking": true,
      "favicons_syncing_enabled": true,
      "has_setup_completed": true,
      "history_delete_directives": true,
      "keep_everything_synced": true,
      "keystore_encryption_bootstrap_token": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAT4Qd482DY06YQLy4LijftwAAAAACAAAAAAAQZgAAAAEAACAAAACY7HHlaozskLV5L7YLUNFuSasfz0wJ4qDi5vtPpSHd1QAAAAAOgAAAAAIAACAAAABWEtyLqttIbXr2SGefQxhC7WtAlJdMsQULVBYY2f97T1AAAAAKK7SgnXw7ytESygrKdwe2CaKkrqWdJV0FCmQm3OU/vOMP2C+5mcX3elTExUplL6LWTrxmVu1G97IztbBSdspIrjY6B7c6YtHPn+JAmvDXmUAAAABdxpmJlgA541A4rzghKYb/k7N/8SSJ3wCztDS+2OSoL8GXZ7tzHLiWwfe7+W29/xPTpxW+/PeT+5v35BLcyzml",
      "last_synced_time": "13040627639952987",
      "managed_users": true,
      "passwords": true,
      "preferences": true,
      "priority_preferences": true,
      "search_engines": true,
      "session_sync_guid": "session_sync8Ywd7EZOKgfAi+o8QTLbUw==",
      "sessions": true,
      "suppress_start": false,
      "synced_notifications": true,
      "tabs": true,
      "themes": true,
      "typed_urls": true,
      "using_oauth"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-04-28]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-04-19]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-29]
CHR Extension: (Google Cloud Print) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpbihcdnggfkckonfphcpjjckoebebn [2012-04-19]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2012-04-19]
CHR Extension: (Google Wallet) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR StartMenuInternet: Google Chrome - C:\Users\Björn\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-27] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/postgres" -w [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-03-27] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-10] (AVM Berlin)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-31] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 21:21 - 2014-03-28 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-03-28 21:21 - 2014-03-28 21:19 - 00045579 ____N () C:\Users\Björn\Desktop\Kontakte.vcf
2014-03-28 21:08 - 2014-03-28 21:08 - 00023633 _____ () C:\Users\Björn\Desktop\zoek-results.txt
2014-03-28 21:02 - 2014-03-28 21:02 - 00000000 ____D () C:\Users\Bj÷rn\AppData\Roaming\Macromedia
2014-03-28 21:02 - 2014-03-28 21:02 - 00000000 ____D () C:\Users\Bj÷rn
2014-03-28 21:02 - 2014-03-28 20:50 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-28 20:51 - 2014-03-28 21:07 - 00023633 _____ () C:\zoek-results.log
2014-03-28 20:50 - 2014-03-28 21:00 - 00000000 ____D () C:\zoek_backup
2014-03-28 20:50 - 2014-03-28 20:50 - 00001149 _____ () C:\Users\Björn\Desktop\mbam.txt
2014-03-28 20:48 - 2014-03-28 20:48 - 01285120 _____ () C:\Users\Björn\Desktop\zoek.exe
2014-03-28 00:46 - 2014-03-28 00:46 - 00001694 _____ () C:\Users\Björn\Desktop\JRT.txt
2014-03-28 00:40 - 2014-03-28 00:40 - 01038974 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe
2014-03-28 00:40 - 2014-03-28 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 00:39 - 2014-03-28 00:39 - 00015777 _____ () C:\Users\Björn\Desktop\AdwCleaner[S1].txt
2014-03-28 00:35 - 2014-03-28 00:37 - 00000000 ____D () C:\AdwCleaner
2014-03-28 00:33 - 2014-03-28 00:33 - 01950720 _____ () C:\Users\Björn\Desktop\adwcleaner.exe
2014-03-27 21:17 - 2014-03-27 21:18 - 00002093 _____ () C:\Users\Björn\Desktop\Anti_Malware_und_Antivir.zip
2014-03-27 21:15 - 2014-03-27 21:15 - 00012423 _____ () C:\Users\Björn\Desktop\Anti-Malware.txt
2014-03-27 21:03 - 2014-03-27 21:03 - 00017500 _____ () C:\Users\Björn\Desktop\Antivir.txt
2014-03-27 18:07 - 2014-03-27 18:07 - 00002502 _____ () C:\Users\Björn\Desktop\GMER.log
2014-03-27 17:58 - 2014-03-27 17:58 - 00380416 _____ () C:\Users\Björn\Desktop\3cwjsxg5.exe
2014-03-27 17:55 - 2014-03-30 06:35 - 00026961 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-03-27 17:55 - 2014-03-27 17:56 - 00048302 _____ () C:\Users\Björn\Desktop\Addition.txt
2014-03-27 17:54 - 2014-03-30 06:35 - 00000000 ____D () C:\FRST
2014-03-27 17:53 - 2014-03-27 17:53 - 02157056 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-03-27 17:52 - 2014-03-27 17:52 - 00000472 _____ () C:\Users\Björn\Desktop\defogger_disable.log
2014-03-27 17:52 - 2014-03-27 17:52 - 00000168 _____ () C:\Users\Björn\defogger_reenable
2014-03-27 17:51 - 2014-03-27 17:51 - 00050477 _____ () C:\Users\Björn\Desktop\Defogger.exe
2014-03-27 17:47 - 2014-03-27 17:47 - 00000000 ____D () C:\Users\Björn\Documents\Geld Björn
2014-03-27 17:47 - 2014-03-27 17:47 - 00000000 ____D () C:\Users\Björn\Documents\Dirk JGA
2014-03-27 17:46 - 2014-03-27 17:47 - 00000000 ____D () C:\Users\Björn\Desktop\Steffi
2014-03-27 17:41 - 2014-03-27 17:44 - 00000000 ____D () C:\Users\Björn\Documents\Bewerbung Provinzial
2014-03-27 17:37 - 2014-03-30 05:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 17:36 - 2014-03-27 17:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 17:36 - 2014-03-27 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 17:36 - 2014-03-27 17:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 17:36 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 17:36 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 17:36 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 17:34 - 2014-03-27 17:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Björn\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 17:08 - 2014-03-27 17:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-27 17:02 - 2014-03-29 22:57 - 00006687 _____ () C:\Windows\setupact.log
2014-03-27 07:03 - 2014-03-27 07:03 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Avira
2014-03-27 07:02 - 2014-03-27 07:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-27 07:02 - 2014-03-27 07:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 07:02 - 2014-03-27 07:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 07:02 - 2014-03-27 07:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-27 07:02 - 2014-03-27 07:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-27 07:02 - 2014-03-27 07:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-27 06:17 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140327-051759.backup
2014-03-22 10:51 - 2014-03-22 10:51 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-20 01:25 - 2014-03-20 23:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 16:52 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-19 16:52 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-18 17:45 - 2014-03-18 17:45 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51 (1).exe
2014-03-18 17:38 - 2014-03-18 17:38 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51.exe
2014-03-16 17:48 - 2014-03-16 17:58 - 00000000 ____D () C:\Users\Björn\Documents\Ordnungsamt
2014-03-14 03:16 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 03:16 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 03:16 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 03:16 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 03:16 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 03:16 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 03:16 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 03:16 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 03:16 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 03:16 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 03:16 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 03:16 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 03:16 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 03:16 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 03:16 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 03:16 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 03:16 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 03:16 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 03:16 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 03:16 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 03:16 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 03:16 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 03:16 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 03:16 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 03:16 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 03:16 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 03:16 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 03:16 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 03:16 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 03:16 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 03:16 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 03:16 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 03:16 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 03:16 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 03:16 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 03:16 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 03:16 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 03:16 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 03:16 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 03:16 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 03:16 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 03:16 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 03:16 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 03:16 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 03:15 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 03:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 03:15 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 03:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-08 18:10 - 2012-04-09 01:40 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-03-06 21:36 - 2014-03-06 21:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 21:36 - 2014-03-06 21:36 - 00000000 ____D () C:\Users\Björn\AppData\Local\Skype
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 00:23 - 2014-03-03 00:23 - 00000276 _____ () C:\SSUUpdater.log
2014-03-03 00:06 - 2014-03-03 00:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-03 00:06 - 2014-03-03 00:06 - 00000000 ____D () C:\Users\Björn
2014-03-03 00:04 - 2014-03-03 00:05 - 19565208 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Streamer_WIN_v2.5.0.1.EXE
2014-03-02 23:58 - 2014-03-02 23:59 - 11239624 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Personal_Win_v2.4.5.2.exe

==================== One Month Modified Files and Folders =======

2014-03-30 06:35 - 2014-03-27 17:55 - 00026961 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-03-30 06:35 - 2014-03-27 17:54 - 00000000 ____D () C:\FRST
2014-03-30 06:28 - 2012-11-28 23:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA.job
2014-03-30 06:25 - 2012-07-31 15:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 05:34 - 2014-03-27 17:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 04:00 - 2012-04-19 19:57 - 01914182 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 23:11 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-03-29 23:11 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-03-29 23:11 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-29 23:05 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 23:05 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 23:00 - 2013-05-31 17:15 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job
2014-03-29 23:00 - 2012-06-15 17:18 - 00000000 ____D () C:\Users\Björn\.rainlendar2
2014-03-29 23:00 - 2012-04-19 20:42 - 00000000 ___RD () C:\Users\Björn\Dropbox
2014-03-29 23:00 - 2012-04-19 20:40 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Dropbox
2014-03-29 23:00 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-29 22:57 - 2014-03-27 17:02 - 00006687 _____ () C:\Windows\setupact.log
2014-03-29 22:57 - 2012-04-22 02:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-29 22:57 - 2012-04-19 22:49 - 00000000 ____D () C:\postgres
2014-03-29 22:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 16:12 - 2013-12-22 18:20 - 00000000 ____D () C:\Users\Björn\AppData\Local\Battle.net
2014-03-29 12:28 - 2012-11-28 23:43 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core.job
2014-03-29 12:23 - 2012-11-28 23:43 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA
2014-03-29 12:23 - 2012-11-28 23:43 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core
2014-03-29 00:56 - 2012-05-11 12:26 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\dvdcss
2014-03-28 23:28 - 2014-02-03 18:38 - 00011042 _____ () C:\Users\Björn\Desktop\Essen.xlsx
2014-03-28 21:21 - 2014-03-28 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-03-28 21:19 - 2014-03-28 21:21 - 00045579 ____N () C:\Users\Björn\Desktop\Kontakte.vcf
2014-03-28 21:08 - 2014-03-28 21:08 - 00023633 _____ () C:\Users\Björn\Desktop\zoek-results.txt
2014-03-28 21:07 - 2014-03-28 20:51 - 00023633 _____ () C:\zoek-results.log
2014-03-28 21:06 - 2012-04-19 20:46 - 00418436 _____ () C:\Windows\PFRO.log
2014-03-28 21:02 - 2014-03-28 21:02 - 00000000 ____D () C:\Users\Bj÷rn\AppData\Roaming\Macromedia
2014-03-28 21:02 - 2014-03-28 21:02 - 00000000 ____D () C:\Users\Bj÷rn
2014-03-28 21:00 - 2014-03-28 20:50 - 00000000 ____D () C:\zoek_backup
2014-03-28 21:00 - 2012-04-19 19:57 - 00000000 ____D () C:\Users\Björn
2014-03-28 20:50 - 2014-03-28 21:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-28 20:50 - 2014-03-28 20:50 - 00001149 _____ () C:\Users\Björn\Desktop\mbam.txt
2014-03-28 20:48 - 2014-03-28 20:48 - 01285120 _____ () C:\Users\Björn\Desktop\zoek.exe
2014-03-28 00:46 - 2014-03-28 00:46 - 00001694 _____ () C:\Users\Björn\Desktop\JRT.txt
2014-03-28 00:40 - 2014-03-28 00:40 - 01038974 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe
2014-03-28 00:40 - 2014-03-28 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 00:39 - 2014-03-28 00:39 - 00015777 _____ () C:\Users\Björn\Desktop\AdwCleaner[S1].txt
2014-03-28 00:37 - 2014-03-28 00:35 - 00000000 ____D () C:\AdwCleaner
2014-03-28 00:33 - 2014-03-28 00:33 - 01950720 _____ () C:\Users\Björn\Desktop\adwcleaner.exe
2014-03-27 21:22 - 2009-07-14 04:34 - 00000678 _____ () C:\Windows\win.ini
2014-03-27 21:18 - 2014-03-27 21:17 - 00002093 _____ () C:\Users\Björn\Desktop\Anti_Malware_und_Antivir.zip
2014-03-27 21:15 - 2014-03-27 21:15 - 00012423 _____ () C:\Users\Björn\Desktop\Anti-Malware.txt
2014-03-27 21:03 - 2014-03-27 21:03 - 00017500 _____ () C:\Users\Björn\Desktop\Antivir.txt
2014-03-27 18:07 - 2014-03-27 18:07 - 00002502 _____ () C:\Users\Björn\Desktop\GMER.log
2014-03-27 17:58 - 2014-03-27 17:58 - 00380416 _____ () C:\Users\Björn\Desktop\3cwjsxg5.exe
2014-03-27 17:56 - 2014-03-27 17:55 - 00048302 _____ () C:\Users\Björn\Desktop\Addition.txt
2014-03-27 17:53 - 2014-03-27 17:53 - 02157056 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-03-27 17:52 - 2014-03-27 17:52 - 00000472 _____ () C:\Users\Björn\Desktop\defogger_disable.log
2014-03-27 17:52 - 2014-03-27 17:52 - 00000168 _____ () C:\Users\Björn\defogger_reenable
2014-03-27 17:51 - 2014-03-27 17:51 - 00050477 _____ () C:\Users\Björn\Desktop\Defogger.exe
2014-03-27 17:48 - 2012-04-19 23:23 - 00000000 ____D () C:\Users\Björn\Documents\Studium
2014-03-27 17:47 - 2014-03-27 17:47 - 00000000 ____D () C:\Users\Björn\Documents\Geld Björn
2014-03-27 17:47 - 2014-03-27 17:47 - 00000000 ____D () C:\Users\Björn\Documents\Dirk JGA
2014-03-27 17:47 - 2014-03-27 17:46 - 00000000 ____D () C:\Users\Björn\Desktop\Steffi
2014-03-27 17:44 - 2014-03-27 17:41 - 00000000 ____D () C:\Users\Björn\Documents\Bewerbung Provinzial
2014-03-27 17:42 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-27 17:36 - 2014-03-27 17:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 17:36 - 2014-03-27 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 17:36 - 2014-03-27 17:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 17:34 - 2014-03-27 17:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Björn\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 17:08 - 2014-03-27 17:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-27 07:03 - 2014-03-27 07:03 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Avira
2014-03-27 07:02 - 2014-03-27 07:02 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-03-27 07:02 - 2014-03-27 07:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 07:02 - 2014-03-27 07:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 07:00 - 2014-03-27 07:02 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-27 07:00 - 2014-03-27 07:02 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-27 07:00 - 2014-03-27 07:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-27 06:06 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-26 12:50 - 2012-04-19 22:52 - 00000000 ____D () C:\Users\postgres
2014-03-24 00:21 - 2012-04-19 23:18 - 00000000 ____D () C:\Users\Björn\AppData\Local\PokerStars.EU
2014-03-24 00:20 - 2013-11-28 00:52 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-03-23 20:47 - 2013-10-27 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 21:25 - 2013-12-22 18:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-22 10:51 - 2014-03-22 10:51 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-21 20:02 - 2012-08-07 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 23:57 - 2014-03-20 01:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-20 01:43 - 2013-10-20 21:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Spotify
2014-03-20 01:43 - 2013-10-20 21:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Spotify
2014-03-19 16:52 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-03-19 16:52 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-03-19 04:01 - 2013-08-14 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 04:00 - 2012-04-19 20:12 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:45 - 2014-03-18 17:45 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51 (1).exe
2014-03-18 17:38 - 2014-03-18 17:38 - 00921000 _____ (Oracle Corporation) C:\Users\Björn\Downloads\chromeinstall-7u51.exe
2014-03-17 11:22 - 2012-04-20 00:21 - 00000000 ____D () C:\Users\Björn\AppData\Local\Deployment
2014-03-16 17:58 - 2014-03-16 17:48 - 00000000 ____D () C:\Users\Björn\Documents\Ordnungsamt
2014-03-16 17:48 - 2012-04-19 23:23 - 00000000 ____D () C:\Users\Björn\Documents\GEZ
2014-03-14 19:02 - 2013-12-22 18:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-14 04:18 - 2012-05-19 13:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 04:18 - 2012-05-19 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 04:18 - 2009-07-14 06:45 - 00419896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 04:02 - 2012-04-23 23:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 02:47 - 2012-05-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-12 22:25 - 2012-07-31 15:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 22:25 - 2012-07-31 15:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 22:25 - 2012-07-31 15:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-09 04:06 - 2012-04-19 20:23 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Skype
2014-03-09 03:01 - 2012-04-19 19:57 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-08 18:10 - 2014-03-08 18:10 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-03-06 21:36 - 2014-03-06 21:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 21:36 - 2014-03-06 21:36 - 00000000 ____D () C:\Users\Björn\AppData\Local\Skype
2014-03-06 21:36 - 2012-04-19 20:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 10:26 - 2014-03-27 17:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-27 17:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-27 17:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 13:56 - 2014-03-04 13:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-04 13:56 - 2012-09-18 10:38 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 02:44 - 2012-05-11 12:25 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\vlc
2014-03-03 19:13 - 2012-04-19 22:28 - 00000000 ____D () C:\Users\Björn\AppData\Local\PMB Files
2014-03-03 19:13 - 2012-04-19 22:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-03 00:23 - 2014-03-03 00:23 - 00000276 _____ () C:\SSUUpdater.log
2014-03-03 00:06 - 2014-03-03 00:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Splashtop
2014-03-03 00:06 - 2014-03-03 00:06 - 00000000 ____D () C:\Users\Björn
2014-03-03 00:05 - 2014-03-03 00:04 - 19565208 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Streamer_WIN_v2.5.0.1.EXE
2014-03-02 23:59 - 2014-03-02 23:58 - 11239624 _____ (Splashtop Inc.) C:\Users\Björn\Downloads\Splashtop_Personal_Win_v2.4.5.2.exe
2014-03-01 08:05 - 2014-03-14 03:16 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-14 03:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-14 03:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-14 03:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-14 03:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-14 03:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-14 03:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-14 03:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-14 03:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-14 03:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-14 03:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-14 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-14 03:16 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-14 03:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-14 03:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-14 03:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-14 03:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-14 03:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-14 03:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-14 03:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-14 03:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-14 03:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-14 03:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-14 03:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-14 03:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-14 03:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-14 03:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-14 03:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-14 03:16 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-14 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-14 03:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-14 03:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-14 03:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-14 03:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-14 03:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-14 03:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-14 03:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-14 03:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-14 03:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-14 03:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Björn\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 02:13

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Björn at 2014-03-30 06:35:38
Running from C:\Users\Björn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FILSHtray (HKLM-x32\...\{0844CC2A-512E-4BA1-872B-02887E7A2672}) (Version: 0.12 - FILSH Media GmbH)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.11.26.706 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.26.706 - DVDVideoSoft Ltd.)
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.30.0 - International GeoGebra Institute)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version:  - )
ICM Trainer Light (HKLM-x32\...\{3C630BB8-692D-4495-A0BD-40336CD51F99}) (Version: 1.4 - PokerStrategy.com)
IDroo 1.0.0.154 (HKLM-x32\...\IDroo) (Version: 1.0.0.154 - Iteral Group Ltd)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.3.1.429 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{4C454033-8240-425E-A170-1C648FCB74FD}) (Version: 1.2.6.0 - PokerStrategy.com)
PokerStrategy.com SideKick (HKCU\...\5e9f0bf649a2dbca) (Version: 2.0.1220.2 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.0.2.0 - Ascaron Entertainment)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
spotimote (HKLM-x32\...\spotimote) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TableNinja (HKLM-x32\...\{07390157-76DC-448B-B756-6022DF5BEF7A}) (Version: 1.2.157 - ALXSoftware)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24848 - TeamViewer)
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Yahoo Community Smartbar (HKLM-x32\...\{9E105931-898D-457E-B175-7F422AA0A5E3}) (Version: 1.51.66.11081 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{32b2b04b-cd4d-4137-8737-64b555d1d3b5}) (Version: 1.51.66.11081 - Linkury Inc.) <==== ATTENTION
yEd Graph Editor 3.9.1 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.9.1 - yWorks GmbH)

==================== Restore Points  =========================

27-03-2014 19:57:15 Geplanter Prüfpunkt
28-03-2014 18:51:25 zoek.exe restore point

==================== Hosts content: ==========================

2012-04-19 21:09 - 2014-03-27 06:17 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CD8EFA5-0089-4B2D-AA43-92A062FF4BD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {373A5D9B-59A2-4307-9023-3C04E704A172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9ABE94C0-9822-4D50-AD27-088AEE7BB3A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BBE1AF83-C9CC-4C4B-8E6F-6E7A951FB875} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {BEB9773C-1037-478A-8159-1829424C9B18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {D740E83C-9276-48D6-87CC-17B648BF4765} - System32\Tasks\MATLAB R2012b Startup Accelerator => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {DD416370-D102-4F09-BC39-D95C10043569} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FD59E472-9C22-4295-9C30-3F65C2664A1F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001Core.job => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3093385529-1678394880-1889526415-1001UA.job => C:\Users\Björn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => D:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2012-04-22 02:13 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-04-20 00:27 - 2012-02-17 20:55 - 00193536 _____ () D:\Program Files\WinRAR\rarext.dll
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 02433024 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-09-23 22:23 - 2013-09-23 22:23 - 02170416 _____ () C:\Program Files (x86)\spotimote\spotimote.exe
2012-11-30 04:06 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-27 07:02 - 2014-03-27 07:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-19 22:47 - 2012-02-24 09:25 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2013-01-09 02:25 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-09 02:25 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-09 02:25 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-09 02:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-09 02:25 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2012-04-19 22:47 - 2009-02-12 21:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2012-04-19 22:47 - 2005-07-20 12:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-23 22:23 - 2013-09-23 22:23 - 00084528 _____ () C:\Program Files (x86)\spotimote\msgdll.dll
2014-01-08 20:19 - 2013-12-13 00:19 - 00142848 _____ () D:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 20:19 - 2013-11-05 03:12 - 00890592 _____ () D:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2013-01-10 00:02 - 2014-02-25 23:57 - 01135296 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-10 00:02 - 2014-01-11 01:33 - 20625832 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-10 00:02 - 2013-06-15 01:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-10 00:02 - 2013-06-15 01:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-10 00:02 - 2013-06-15 01:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 00126976 _____ () C:\Program Files (x86)\Rainlendar2\lua51.dll
2011-08-12 07:45 - 2011-08-12 07:45 - 00198144 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 20:20 - 2010-05-23 20:20 - 00012288 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2013-05-03 23:31 - 2013-05-03 23:31 - 01477840 _____ () C:\Program Files (x86)\spotimote\libspotify.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Björn\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-01-09 02:25 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 15:26 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Björn\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: PokerStrategy.com SideKick => "C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 11:00:32 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/29/2014 10:57:40 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 00:12:50 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/29/2014 00:12:12 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 10:36:25 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/28/2014 10:35:43 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:38:36 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/28/2014 04:33:02 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/29/2014 11:00:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/29/2014 11:00:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/29/2014 10:57:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/29/2014 04:16:04 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/29/2014 00:14:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/29/2014 00:14:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/29/2014 00:12:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/28/2014 10:38:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (03/28/2014 10:38:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/28/2014 10:37:09 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort5 gefunden.


Microsoft Office Sessions:
=========================
Error: (03/29/2014 11:00:32 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/29/2014 10:57:40 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/29/2014 00:12:50 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/29/2014 00:12:12 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 10:36:25 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/28/2014 10:35:43 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/28/2014 08:38:36 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/28/2014 04:33:02 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2013-02-14 11:53:05.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:05.286
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:03.217
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:03.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:01.080
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:53:01.020
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:58.949
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:58.892
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:56.824
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 11:52:56.766
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 4095.05 MB
Available physical RAM: 1580.83 MB
Total Pagefile: 8188.28 MB
Available Pagefile: 5006.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.68 GB) (Free:23.34 GB) NTFS
Drive d: () (Fixed) (Total:683.5 GB) (Free:658.76 GB) NTFS
Drive e: () (Fixed) (Total:247.92 GB) (Free:247.82 GB) NTFS
Drive f: (X_MEN_3_RENTAL) (CDROM) (Total:6.94 GB) (Free:0 GB) UDF
Drive i: () (Removable) (Total:1.87 GB) (Free:1.74 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 157B2201)
Partition 1: (Not Active) - (Size=168 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 78BC26E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=248 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
SystemLook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 06:37 on 30/03/2014 by Björn
Administrator - Elevation successful

========== regfind ==========

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\2D6317878F0F5264AAF3277D97A58C24]
"File"="iSyncConduit.dll"

Searching for "LyricsParty"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\0\win32]
@="C:\Program Files (x86)\LyricsParty\128.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\HELPDIR]
@="C:\Program Files (x86)\LyricsParty"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\0\win32]
@="C:\Program Files (x86)\LyricsParty\128.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\HELPDIR]
@="C:\Program Files (x86)\LyricsParty"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\0\win32]
@="C:\Program Files (x86)\LyricsParty\128.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}\1.0\HELPDIR]
@="C:\Program Files (x86)\LyricsParty"

-= EOF =-
Nun zu den Fragen:
Ich merke momentan nichts mehr von der Malware. Keine Popups mehr, keine komische Werbung und weder Malware, noch Antivir haben noch angeschlagen (nur zoek mag Antivir nicht^^)

Der Rechner läuft komplett flüssig, allerdings hatte ich auch keine Performanceprobleme, während die Werbung etc. mich gestört haben.

LG,
Björn

M-K-D-B 30.03.2014 13:01
Servus,



Zitat:
Zitat von Schattenlord (Beitrag 1276236)
nur zoek mag Antivir nicht^^)
Ja, das ist ein Fehlalarm von Avira, einfach ignorieren. ;)




Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Schattenlord 30.03.2014 17:29
Hallo,
hier die geforderten Logs ;)

FRST:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Björn at 2014-03-30 14:15:21 Run:1
Running from C:\Users\Björn\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f
end
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{06806808-055B-4C53-AAE9-346ABBE90AD5}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


==== End of Fixlog ====
Hitman:
Code:
HitmanPro 3.7.9.216
www.hitmanpro.com

  Computer name . . . . : BJOERN-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : BJOERN-PC\Björn
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2014-03-30 14:17:17
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 1m 40s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 17

  Objects scanned . . . : 2.769.347
  Files scanned . . . . : 57.094
  Remnants scanned  . . : 681.329 files / 2.030.924 keys

Suspicious files ____________________________________________________________

  C:\Users\Björn\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe -> Deleted
      Size . . . . . . . : 400.704 bytes
      Age  . . . . . . . : 292.9 days (2013-06-10 16:11:05)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : C82171BEDBFE593A04D09C2E20B0528AA3CEC722D6919F8A5C70C6EFFB9EFEAE
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Authenticode . . . : Self-signed
      Running processes  : 3684
      Fuzzy  . . . . . . : 24.0
        Program is code self-signed.
        This program is actively listening for inbound network connections.
        Uses the Windows Registry to run each time the user logs on.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program starts automatically without user intervention.
        The file is in use by one or more active processes.
      Startup
        HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AmazonMP3DownloaderHelper
      Network Ports
        0.0.0.0:4618       


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\ (FTDownloader) -> Deleted
  HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\ (FTDownloader) -> PendingDelete
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player) -> Deleted
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player) -> Deleted
  HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
  HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
  HKU\S-1-5-21-3093385529-1678394880-1889526415-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) -> Deleted
  HKU\S-1-5-21-3093385529-1678394880-1889526415-1010\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ (FLV Player) -> Deleted
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7e50d2c78a02354c8d018a6f089b773c
# engine=17682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-30 04:18:22
# local_time=2014-03-30 06:18:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 14483 303508 7261 0
# compatibility_mode=5893 16776574 100 94 329340 147826152 0 0
# scanned=460171
# found=1
# cleaned=0
# scan_time=13605
sh=6FC2E155EC8DACADBB800C7CB390C365BA700509 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\53h5f9ae.default\Extensions\128\chrome\content\main.js.vir"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.80 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Java(TM) 6 Update 37 
 Java 7 Update 51 
 Adobe Flash Player 12.0.0.77 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox 24.0 Firefox out of Date! 
 Mozilla Thunderbird (24.4.0)
 Google Chrome 33.0.1750.152 
 Google Chrome 33.0.1750.154 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
LG,
Björn

M-K-D-B 31.03.2014 13:23
Servus,






Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B 04.04.2014 17:40
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19