Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Vista Laptop: Avast und Malware Protector melden Virenbefall (https://www.trojaner-board.de/156024-windows-vista-laptop-avast-malware-protector-melden-virenbefall.html)

Ottifant 03.07.2014 10:40
Windows Vista Laptop: Avast und Malware Protector melden Virenbefall
 
Liste der Anhänge anzeigen (Anzahl: 1)
Avast und Malware Protector melden Virenbefall. Ich habe die Anleitung für Hilfesuchende bei Trojaner- und Virenbefall durchgeführt. Bei Gmer gab es einen Systemabsturz - konnte nicht beendet werden. Füge die Protokolle als Anhang bei.

Bitte helfen Sie mir beim Entfernen. Ich habe versucht, alles so zu erfüllen, wie beschrieben. Sollte ich noch etwas vergessen haben, bitte ich um einen kurzen Hinweis.
Ein Protokoll meiner Avast Software habe ich leider nicht gefunden.

Danke !!

cosinus 03.07.2014 10:46
Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Ottifant 03.07.2014 12:17
Anbei die Logfiles eingefügt:

1. FRST.TXT


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Rainer (administrator) on AMILO-LAPTOP on 03-07-2014 11:05:25
Running from C:\Users\Rainer\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 9300 Series\ezprint.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
( ) C:\Windows\System32\lxcqcoms.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\RKS Fax\rksfax_control.exe
() C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PacketVideo) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [recinfo742] => c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 9300 Series\ezprint.exe [82864 2006-12-05] (Lexmark International Inc.)
HKLM\...\Run: [LXCQCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCQtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [OSD] => C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RKS Fax Print Controller] => C:\Program Files\RKS Fax\rksfax_control.exe [3915784 2008-06-02] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [lxcqmon.exe] => C:\Program Files\Lexmark 9300 Series\lxcqmon.exe [291760 2007-01-11] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [A278FE6F0949773C9832532327141AFC9293ADF5._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
SearchScopes: HKLM - DefaultScope {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} hxxp://download.microsoft.com/download/0/4/C/04CF1236-3181-4F87-8382-B56CCA6C15CF/pmupd806.exe
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ACC1DE24-9C8A-425E-8DAF-19BAF870A1A1}: [NameServer]195.50.140.178 195.50.140.252

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.33.105.59"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.33.105.59"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoSquint - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\nosquint@urandom.ca.xpi [2013-04-05]
FF Extension: Adblock Plus - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-16]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (avast! Online Security) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxcq_device; C:\Windows\system32\lxcqcoms.exe [537520 2006-12-05] ( )
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
R2 TwonkyMedia; C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe [472664 2010-07-28] (PacketVideo)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2008-05-26] (Padus, Inc.) [File not signed]
S3 PolarUSB; C:\Windows\System32\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) [File not signed]
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82688 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2011-01-24] (SCM Microsystems Inc.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-08-29] (RapidSolution Software AG)
S4 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [144384 2011-11-16] (1&1 Mail & Media GmbH) [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32048 2008-09-26] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [129824 2008-09-26] (Paragon)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 11:05 - 2014-07-03 11:05 - 00022500 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:04 - 2014-07-03 11:05 - 00000000 ____D () C:\FRST
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Downloads\FRST.exe
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-07-03 10:56 - 2014-07-03 10:56 - 00005571 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Downloads\wzmp_8.exe
2014-07-03 10:00 - 2014-07-03 10:00 - 00000992 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-07-03 10:00 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-06-22 22:44 - 2014-07-03 10:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:43 - 2014-06-22 22:42 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:44 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-21 14:44 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-21 14:44 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-21 14:44 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-21 14:44 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-21 14:44 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-21 14:44 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-21 14:44 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-21 14:44 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-21 14:44 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-21 14:44 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 14:44 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 14:44 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 14:44 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Downloads\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

==================== One Month Modified Files and Folders =======

2014-07-03 11:05 - 2014-07-03 11:05 - 00022500 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:05 - 2014-07-03 11:04 - 00000000 ____D () C:\FRST
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Downloads\FRST.exe
2014-07-03 11:04 - 2010-12-08 19:50 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{98615E68-E061-4150-859F-1819AC633BEB}.job
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:03 - 2008-05-21 11:13 - 00000000 ____D () C:\Users\Rainer
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-07-03 10:56 - 2014-07-03 10:56 - 00005571 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 10:34 - 2014-06-22 22:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 10:31 - 2010-01-06 12:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Downloads\wzmp_8.exe
2014-07-03 10:00 - 2014-07-03 10:00 - 00000992 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-07-03 10:00 - 2014-07-03 10:00 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-03 09:49 - 2011-03-31 15:42 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\KeePass
2014-07-03 09:36 - 2008-05-21 11:09 - 02034273 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 09:32 - 2010-01-06 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 09:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 09:31 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 09:31 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 09:29 - 2008-05-07 18:20 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-03 09:29 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-01 11:26 - 2006-11-02 12:33 - 01575892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 17:45 - 2013-04-05 10:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-30 15:10 - 2011-11-06 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-30 15:09 - 2008-06-09 16:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-30 09:18 - 2008-05-21 20:22 - 00000000 ____D () C:\Users\Rainer\Documents\DKV
2014-06-26 16:39 - 2010-03-03 16:40 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Mp3tag
2014-06-26 16:27 - 2014-05-07 10:03 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\vlc
2014-06-24 09:37 - 2011-03-31 15:42 - 00042574 _____ () C:\Users\Rainer\Documents\Paswörter.kdbx
2014-06-23 15:45 - 2008-05-21 20:24 - 00000000 ____D () C:\Users\Rainer\Documents\Urlaube
2014-06-22 22:57 - 2012-12-03 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-22 22:44 - 2012-03-29 11:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-22 22:44 - 2011-09-05 10:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:42 - 2014-06-22 22:43 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:42 - 2008-08-06 16:40 - 00000000 ____D () C:\Program Files\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:35 - 2009-09-15 18:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 22:31 - 2009-02-03 11:34 - 00000000 ____D () C:\ProgramData\Apple
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:49 - 2013-07-12 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-21 14:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Downloads\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-06 12:54 - 2013-02-07 12:25 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\foobar2000
2014-06-05 10:34 - 2009-06-12 15:19 - 00002452 _____ () C:\Users\Rainer\AppData\Roaming\wklnhst.dat
2014-06-03 12:18 - 2008-05-22 20:25 - 00101162 _____ () C:\Windows\system32\RKSFAX
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

Files to move or delete:
====================
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 09:39

==================== End Of Log ============================
--- --- ---


2. Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by Rainer at 2014-07-03 11:06:10
Running from C:\Users\Rainer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Album Art Downloader XUI 1.00 (HKLM\...\Album Art Downloader XUI) (Version: 1.00 - hxxp://sourceforge.net/projects/album-art)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
AusweisApp (HKLM\...\{EE56DCD1-13FD-435B-BC4C-EE8CD83FF17A}) (Version: 1.8.0 - OpenLimit SignCubes AG)
avast! Ad Blocker (HKLM\...\{021C6667-63D3-4416-B537-865E77F4DF4F}) (Version: 1.0.0.0 - AVAST Software)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Bengal (VOLLVERSION) (HKLM\...\Bengal (VOLLVERSION)) (Version: 1.0.1.0 - INTENIUM GmbH)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.1205.1451.26462 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Dutch (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help English (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help French (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help German (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Italian (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Japanese (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Korean (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Portuguese (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Spanish (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Swedish (Version: 2007.1205.1450.26462 - ATI) Hidden
ccc-core-static (Version: 2007.1205.1451.26462 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.1205.1451.26462 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
ClocX (1.4) (HKLM\...\ClocX) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.2009.10.29 - INTENIUM GmbH)
Dream Pinball 3D Demo (HKLM\...\Dream Pinball 3D Demo) (Version: 1.00 - TopWare Interactive Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.0 - Dropbox, Inc.)
Duden Deutsch 3 (HKLM\...\Duden Deutsch 3_is1) (Version:  - Duden Paetec)
Duden Deutsch 4 (HKLM\...\Duden Deutsch 4_is1) (Version:  - Duden Paetec)
Duden Langenscheidt Englisch 3 (HKLM\...\Duden Langenscheidt Englisch 3_is1) (Version:  - Duden PaeTec Schulbuchverlag)
Duden Langenscheidt Englisch 4 (HKLM\...\Duden Langenscheidt Englisch 4_is1) (Version:  - Duden PaeTec Schulbuchverlag)
Duden Mathematik 3 (HKLM\...\Duden Mathematik 3_is1) (Version:  - Duden Paetec)
Duden Mathematik 4 (HKLM\...\Duden Mathematik 4_is1) (Version:  - Duden Paetec)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v4.60 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.60 - Lavalys, Inc.)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
foobar2000 v1.2.9 (HKLM\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.670 - 1&1 Mail & Media GmbH)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Integrity Tool (HKLM\...\{4F8697F4-3D30-4BD0-8F26-455C01F4EE8B}) (Version: 1.8.0 - OpenLimit SignCubes AG)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Joe (HKLM\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
KeePass Password Safe 2.24 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
Lexmark 9300 Series (HKLM\...\Lexmark 9300 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.49a (HKLM\...\Mp3tag) (Version: v2.49a - Florian Heidenreich)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
OSDInstall (HKLM\...\{EB863CFD-6889-47B0-9D79-492DE0D07EE7}) (Version: 1.0.0 - C&E)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF24 Creator 5.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
piasync (HKLM\...\{CB7600E5-E524-11D6-9218-00D0B70768DA}) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polar Precision Performance SW  (HKLM\...\{B116E95E-01B1-420A-AECB-B2B330B9BD97}) (Version: 4.03.040 - )
ProtectDisc Helper Driver (HKLM\...\ProtectDisc Driver) (Version: 9.1.0.0 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RKS Fax (HKLM\...\RKSFaxVersion1_is1) (Version: 4.0 - RKS Software)
s25atonce 3.6.9 (HKLM\...\s25atonce_is1) (Version: 3.6.9 - Shaw Computerhard- & Software)
SDI011 dual interface reader (HKLM\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version:  - Microsoft Corporation)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Skins (Version: 2007.1205.1451.26462 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpO2 V1.2 (HKLM\...\SpO2_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toggolino - Leseabenteuer (HKLM\...\Leseabenteuer_is1) (Version:  - Toggolino)
TwInbox (remove only) (HKLM\...\TwInbox) (Version:  - TechHit)
TwonkyMedia (HKLM\...\TwonkyMediaTwonkyMedia) (Version: 6.0.1.0 - PacketVideo)
TwonkyMedia (HKLM\...\TwonkyvisionUPnPTwonkyMedia) (Version: 4.4.9.0 - Twonkyvison)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebCam (HKLM\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version:  - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points  =========================

29-06-2014 11:00:10 Geplanter Prüfpunkt
01-07-2014 05:59:56 Windows Update
01-07-2014 22:02:23 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C2837F4-5359-485C-9B60-D48E37CBBB92} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2449479715-2319816545-2623231108-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {388B3BD0-044D-4390-BC7B-E2D660283F11} - System32\Tasks\{A256EE43-4E5B-486D-A288-015709509E40} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {47C8D96B-EBB6-4AFA-84C2-7AEF1CE466D9} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {4E7C9E7D-701D-4867-9C97-B2013CD6A77A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2449479715-2319816545-2623231108-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5E768F60-700F-4077-9F30-E173E2577799} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {60ECE3F6-5C65-4C4C-B10F-8B4DDF4D51F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {6B71EFC4-11EF-4A44-8FDC-69C439E36A11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {717EB07D-A30C-4F81-8E3B-B3E117587BC6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2449479715-2319816545-2623231108-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {81E183A5-7D10-47E7-97F2-833953A79654} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {84120A11-1C77-470A-A045-97C972A2B439} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {94232D91-0CB2-40B3-B7E5-10CACF9F3A89} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {9A8EFB6F-47B4-4EBC-88A3-EE3C4C14A37C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2449479715-2319816545-2623231108-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CF1462CC-D32A-43B4-887D-97596B8CB339} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D13E40DB-A784-4F7E-9BA7-CD83D2786E76} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {D87763E7-7926-4B8C-954F-0D6A11B9E3B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-22] (Adobe Systems Incorporated)
Task: {D8F9ACED-0D99-4A26-9C51-C3FF9C98369D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {DAC62515-F6F0-4190-B18C-29A1DCE7CD7F} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{98615E68-E061-4150-859F-1819AC633BEB}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 06:46 - 2014-07-03 06:46 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070201\algo.dll
2009-12-11 09:41 - 2002-01-11 15:59 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2009-12-11 09:41 - 2001-10-28 18:43 - 00116736 _____ () C:\Windows\System32\redmonnt.dll
2008-05-22 20:23 - 2007-08-09 00:19 - 00027648 _____ () C:\Windows\System32\rksfaxpm.dll
2008-05-21 16:04 - 2006-11-13 03:34 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcqdrpp.dll
2008-05-07 18:32 - 2007-12-04 22:56 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2008-05-21 16:02 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files\Lexmark 9300 Series\iptk.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-07 11:41 - 2011-10-07 11:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2008-05-22 20:23 - 2008-06-02 14:43 - 03915784 _____ () C:\Program Files\RKS Fax\rksfax_control.exe
2008-05-21 16:02 - 2007-01-11 13:57 - 00291760 _____ () C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
2008-05-21 16:02 - 2006-10-23 13:51 - 00278528 _____ () C:\Program Files\Lexmark 9300 Series\lxcqscw.dll
2008-05-21 16:02 - 2006-06-09 01:39 - 00143360 _____ () C:\Program Files\Lexmark 9300 Series\lxcqdrec.dll
2006-10-23 13:54 - 2006-10-23 13:54 - 00692224 _____ () C:\Windows\system32\lxcqdrs.dll
2006-09-29 06:28 - 2006-09-29 06:28 - 00065536 _____ () C:\Windows\system32\lxcqcaps.dll
2006-05-09 09:10 - 2006-05-09 09:10 - 00061440 _____ () C:\Windows\system32\lxcqcnv4.dll
2013-11-24 11:09 - 2013-11-24 11:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TwonkyMedia Tray Control.lnk => C:\Windows\pss\TwonkyMedia Tray Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: lxcqmon.exe => "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
MSCONFIG\startupreg: P2Go_Menu => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: PDVD8LanguageShortcut =>
MSCONFIG\startupreg: RemoteControl8 =>
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 09:56:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung mbam.exe, Version 1.0.0.532, Zeitstempel 0x53518532, fehlerhaftes Modul MSVCR100.dll, Version 10.0.40219.325, Zeitstempel 0x4df2be1e, Ausnahmecode 0x40000015, Fehleroffset 0x0008d6fd,
Prozess-ID 0x113c, Anwendungsstartzeit mbam.exe0.

Error: (07/03/2014 09:56:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung mbam.exe, Version 1.0.0.532, Zeitstempel 0x53518532, fehlerhaftes Modul MSVCR100.dll, Version 10.0.40219.325, Zeitstempel 0x4df2be1e, Ausnahmecode 0x40000015, Fehleroffset 0x0008d6fd,
Prozess-ID 0x149c, Anwendungsstartzeit mbam.exe0.

Error: (07/03/2014 09:56:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung mbam.exe, Version 1.0.0.532, Zeitstempel 0x53518532, fehlerhaftes Modul MSVCR100.dll, Version 10.0.40219.325, Zeitstempel 0x4df2be1e, Ausnahmecode 0x40000015, Fehleroffset 0x0008d6fd,
Prozess-ID 0x1568, Anwendungsstartzeit mbam.exe0.

Error: (07/03/2014 09:28:55 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/03/2014 08:13:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢걤걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/03/2014 08:13:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢걤걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/03/2014 08:13:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/03/2014 08:13:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/03/2014 08:13:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/03/2014 08:13:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (07/03/2014 11:02:29 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 10:47:32 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 10:35:26 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 10:23:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 10:11:24 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 09:59:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 09:47:22 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 09:35:21 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 09:33:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: OsdService1

Error: (07/03/2014 09:28:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (07/03/2014 09:56:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd113c01cf9694554b6ed4

Error: (07/03/2014 09:56:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd149c01cf969442eeb034

Error: (07/03/2014 09:56:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd156801cf969438210864

Error: (07/03/2014 09:28:55 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/03/2014 08:13:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢걤걒걏가

Error: (07/03/2014 08:13:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢걤걒걏가

Error: (07/03/2014 08:13:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가

Error: (07/03/2014 08:13:03 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가

Error: (07/03/2014 08:13:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가

Error: (07/03/2014 08:13:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
MAPI://{S-1-5-21-2449479715-2319816545-2623231108-1000}/PERSÖNLICHE ORDNER($4821A99D)/X/POSTEINGANG/가가가가겧겼갟갇검곆갆걃겪갅곁겣곋겛겤겢계걒걏가


CodeIntegrity Errors:
===================================
  Date: 2013-02-13 14:38:54.319
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 21:15:42.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 19:21:01.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 16:59:30.695
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 12:01:59.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 11:50:28.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 09:16:37.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 13:07:52.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 12:40:13.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 12:32:14.104
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3069.7 MB
Available physical RAM: 1266.16 MB
Total Pagefile: 6338.38 MB
Available Pagefile: 4635.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.79 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:286.37 GB) (Free:29.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (AMILO) (Fixed) (Total:298.09 GB) (Free:0.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2C3BC57C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=286 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 71517F5D)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
3. defogger_desable.log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:03 on 03/07/2014 (Rainer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
4. log.xml

Code:
Nico Mak Computing
WinZip Malware Protector
 
Datum der Überprüfung Donnerstag, 3. Juli 2014
Datenbankversion 1861
Gefundene Elemente insgesamt 11
Überprüfte Objekte: 327889
Abgelaufene Zeit: 00:46:04
Name Gefundene Elemente
Name der Infektion virus.ramnit
Kategorie Script Virus
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 Gefundener Bereich FileSystem
Details Dateiname c:\users\rainer\downloads\downloads programmdateien\trojaner\gmer_2.1.19163.exe
MD5 0
Signatur 4805721997147406904
Md5hash:  60bf4ae8cc40b0e3e28613657ed2eed8
 
 
Name der Infektion trojan-spy.banker
Kategorie Trojan Spy
Bedrohungsstufe Elevated
Durchgeführte Aktion NoActionTaken
Elemente gefunden 10


 Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 type
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 errorcontrol
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 start
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 imagepath
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme
 group
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 0
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 count
 
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
 system\currentcontrolset\services\catchme\enum
 nextinstance
 
 
© 2013 WinZip International LLC. All rights reserved.

cosinus 03.07.2014 12:19
Vergiss WinZip, das Teil ist Müll.
Was hat Avast angeblich gefunden?

Ottifant 03.07.2014 12:41
Avast meldet bereits
Im Virus Container ist unter Virus der Eintrag "Win32:EVO-gen[Susp]
Leider finde ich in Avast keine Protokollfunktion ....

Habe im Avast Data Verzeichnis doch etwas gefunden:

1. Auszug aus FileSystemShield.txt

Code:
*
* avast! Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 3. Juli 2014 08:04:23
*


*
* Schutz beendet: Donnerstag, 3. Juli 2014 08:17:28
* Laufzeit war 13 Minute(n), 13 Sekunde(n)
*

*
* avast! Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 3. Juli 2014 08:44:27
*


*
* Schutz beendet: Donnerstag, 3. Juli 2014 09:29:07
* Laufzeit war 44 Minute(n), 44 Sekunde(n)
*

*
* avast! Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 3. Juli 2014 09:32:07
*

03.07.2014 10:36:07        C:\Users\Rainer\AppData\Local\TEMP\wstemp\fujitsu-siemens.scr_635399805665268868 [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
*
* avast! Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 3. Juli 2014 11:14:07
*
2. Event.lo.log Datei

Code:
30.06.2014        20:57:11        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
30.06.2014        20:57:12        The virus definitions have been automatically updated to version 140630-1.
30.06.2014        20:57:17        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
30.06.2014        20:57:17        [00001B94] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
30.06.2014        20:57:17        [00001B94] WaitForWscService( 600 ) -> true
30.06.2014        20:57:17        [00001B94] Antivirus state 0 updatedSign 1
30.06.2014        20:57:17        [00001B94] Antispyware state 0 updatedSign 1
01.07.2014        15:04:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
01.07.2014        15:04:35        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
01.07.2014        15:04:36        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
01.07.2014        15:04:38        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
01.07.2014        15:04:48        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
01.07.2014        15:04:48        [000008B4] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
01.07.2014        15:04:48        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
01.07.2014        15:08:26        [000008B4] WaitForWscService( 176 ) -> true
01.07.2014        15:08:26        [000008B4] Antivirus state 0 updatedSign 1
01.07.2014        15:08:26        [000008B4] Antispyware state 0 updatedSign 1
02.07.2014        06:13:01        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
02.07.2014        06:13:02        The virus definitions have been automatically updated to version 140701-0.
02.07.2014        06:13:02        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
02.07.2014        06:13:02        [00000FA8] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
02.07.2014        06:13:02        [00000FA8] WaitForWscService( 600 ) -> true
02.07.2014        06:13:03        [00000FA8] Antivirus state 0 updatedSign 1
02.07.2014        06:13:03        [00000FA8] Antispyware state 0 updatedSign 1
02.07.2014        14:15:00        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
02.07.2014        14:15:00        The virus definitions have been automatically updated to version 140702-0.
02.07.2014        14:15:05        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
02.07.2014        14:15:05        [000012A8] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
02.07.2014        14:15:05        [000012A8] WaitForWscService( 600 ) -> true
02.07.2014        14:15:05        [000012A8] Antivirus state 0 updatedSign 1
02.07.2014        14:15:05        [000012A8] Antispyware state 0 updatedSign 1
03.07.2014        06:46:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        06:46:09        The virus definitions have been automatically updated to version 140702-1.
03.07.2014        06:46:14        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
03.07.2014        06:46:14        [00000D44] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
03.07.2014        06:46:14        [00000D44] WaitForWscService( 600 ) -> true
03.07.2014        06:46:14        [00000D44] Antivirus state 0 updatedSign 1
03.07.2014        06:46:14        [00000D44] Antispyware state 0 updatedSign 1
03.07.2014        08:04:19        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:04:23        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:04:24        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:04:24        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
03.07.2014        08:04:24        [000008A8] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
03.07.2014        08:04:24        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:07:50        [000008A8] WaitForWscService( 204 ) -> true
03.07.2014        08:07:50        [000008A8] Antivirus state 0 updatedSign 1
03.07.2014        08:07:50        [000008A8] Antispyware state 0 updatedSign 1
03.07.2014        08:16:19        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        08:16:19        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.
03.07.2014        08:44:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:44:27        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:44:28        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:44:30        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
03.07.2014        08:44:30        [00000714] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
03.07.2014        08:44:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:44:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        08:48:36        [00000714] WaitForWscService( 120 ) -> true
03.07.2014        08:48:36        [00000714] Antivirus state 0 updatedSign 1
03.07.2014        08:48:42        [00000714] Antispyware state 0 updatedSign 1
03.07.2014        08:57:03        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        08:57:03        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.
03.07.2014        09:02:55        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        09:02:55        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.
03.07.2014        09:31:59        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        09:32:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        09:32:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        09:32:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        09:32:17        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
03.07.2014        09:32:17        [00000868] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
03.07.2014        09:32:17        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        09:35:09        [00000868] WaitForWscService( 267 ) -> true
03.07.2014        09:35:09        [00000868] Antivirus state 0 updatedSign 1
03.07.2014        09:35:09        [00000868] Antispyware state 0 updatedSign 1
03.07.2014        09:39:17        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        09:39:17        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.
03.07.2014        09:58:19        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        09:58:19        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.
03.07.2014        11:14:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        11:14:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        11:14:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        11:14:09        Maj 6 Min 0 GetVersionEx 6.0 Stored 6.0
03.07.2014        11:14:09        [00000780] WriteAVASFirewallStatus preVista 0 IsWin8 0 Expired 0 Firewall 0
03.07.2014        11:14:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996962, Guid 8cfcac3d-5cf0-4026-8598-4eb62b201508, Auid ZAeHsQBZqdQrCRLx
03.07.2014        11:18:35        [00000780] WaitForWscService( 92 ) -> true
03.07.2014        11:18:43        [00000780] Antivirus state 0 updatedSign 1
03.07.2014        11:18:56        [00000780] Antispyware state 0 updatedSign 1
03.07.2014        11:26:15        AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys failed, C000003B.
03.07.2014        11:26:15        AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys (*RAW:SVC: uigxrdr > C:\Windows\System32\DRIVERS\uigxrdr.sys) returning error, C000003B.

cosinus 03.07.2014 12:49
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Ottifant 03.07.2014 13:34
Anbei die Ergebnisse:

1. AdwCleaner[S1].txt

Code:
# AdwCleaner v3.214 - Bericht erstellt am 03/07/2014 um 14:07:02
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Rainer - AMILO-LAPTOP
# Gestartet von : C:\Users\Rainer\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Gutscheinmieze
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Uniblue
Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\Freemium1ClickMaint

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC62515-F6F0-4190-B18C-29A1DCE7CD7F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC62515-F6F0-4190-B18C-29A1DCE7CD7F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2196 octets] - [24/10/2013 11:13:04]
AdwCleaner[R1].txt - [2186 octets] - [03/07/2014 14:02:53]
AdwCleaner[S0].txt - [2367 octets] - [24/10/2013 11:14:52]
AdwCleaner[S1].txt - [2115 octets] - [03/07/2014 14:07:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2175 octets] ##########
2. Jrt.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Rainer on 03.07.2014 at 14:18:39,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rainer\AppData\Roaming\getrighttogo"
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{01427D7E-CE3A-4BC6-8FAB-4FA7E11393FC}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{1ADA908C-5A00-4609-97A2-DFFD00F86CD5}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{24A3D074-36D7-42BF-8E58-10D1A92F45B5}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{2F66CB64-B218-4715-9A24-041944E1CCEE}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{354A15EE-1397-49E6-B508-23F4398A2666}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{3784DF90-A651-41E3-926F-C189FFEE53A3}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{3ABAFDA1-D0F7-49E5-B990-FF65B8D1D4E1}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{49001527-962B-47FC-AE69-D4E3E5BC14FF}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{5903E943-369B-44CD-BEAB-56748D546D79}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{59592445-D25D-4B98-B099-3F668C1EDAE9}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{87A0F4B1-302F-472A-958C-F5440EDE90F9}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{9A214D13-568E-4565-A9BD-EF5D7047E27F}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{A9D312CB-D478-402D-B1D5-3851002F03C4}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{ADDDAE86-F954-4810-AD04-B84F9101B7EF}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{BCA4DD09-A030-44A7-8361-70B72A458A52}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{D753510B-52E8-4857-BD91-5FB3303101C0}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{E1D87854-4252-4FE8-B918-5285F3A60413}
Successfully deleted: [Empty Folder] C:\Users\Rainer\appdata\local\{F0EB22F3-9DA2-4786-99AA-EA5A50F94BBD}



~~~ FireFox

Emptied folder: C:\Users\Rainer\AppData\Roaming\mozilla\firefox\profiles\3xug5btu.default\minidumps [272 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.07.2014 at 14:22:10,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Neuer Lauf FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Rainer (administrator) on AMILO-LAPTOP on 03-07-2014 14:26:43
Running from C:\Users\Rainer\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 9300 Series\ezprint.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\RKS Fax\rksfax_control.exe
() C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxcqcoms.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(PacketVideo) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [recinfo742] => c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 9300 Series\ezprint.exe [82864 2006-12-05] (Lexmark International Inc.)
HKLM\...\Run: [LXCQCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCQtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [OSD] => C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RKS Fax Print Controller] => C:\Program Files\RKS Fax\rksfax_control.exe [3915784 2008-06-02] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [lxcqmon.exe] => C:\Program Files\Lexmark 9300 Series\lxcqmon.exe [291760 2007-01-11] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [A278FE6F0949773C9832532327141AFC9293ADF5._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} hxxp://download.microsoft.com/download/0/4/C/04CF1236-3181-4F87-8382-B56CCA6C15CF/pmupd806.exe
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ACC1DE24-9C8A-425E-8DAF-19BAF870A1A1}: [NameServer]195.50.140.178 195.50.140.252

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.33.105.59"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.33.105.59"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoSquint - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\nosquint@urandom.ca.xpi [2013-04-05]
FF Extension: Adblock Plus - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-16]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (avast! Online Security) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxcq_device; C:\Windows\system32\lxcqcoms.exe [537520 2006-12-05] ( )
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
R2 TwonkyMedia; C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe [472664 2010-07-28] (PacketVideo)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2008-05-26] (Padus, Inc.) [File not signed]
S3 PolarUSB; C:\Windows\System32\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) [File not signed]
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82688 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2011-01-24] (SCM Microsystems Inc.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-08-29] (RapidSolution Software AG)
S4 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [144384 2011-11-16] (1&1 Mail & Media GmbH) [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32048 2008-09-26] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [129824 2008-09-26] (Paragon)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 14:22 - 2014-07-03 14:22 - 00002776 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-07-03 14:17 - 2014-07-03 14:17 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT.exe
2014-07-03 14:16 - 2014-07-03 14:16 - 00002255 _____ () C:\Users\Rainer\Desktop\AdwCleaner[S1].txt
2014-07-03 14:08 - 2014-07-03 14:08 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 14:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 14:01 - 2014-07-03 14:01 - 01346519 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.214.exe
2014-07-03 13:09 - 2014-07-03 13:09 - 00035840 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:13 - 2014-07-03 11:13 - 452283792 _____ () C:\Windows\MEMORY.DMP
2014-07-03 11:13 - 2014-07-03 11:13 - 00143640 _____ () C:\Windows\Minidump\Mini070314-01.dmp
2014-07-03 11:07 - 2014-07-03 11:07 - 00380416 _____ () C:\Users\Rainer\Desktop\Gmer-19357.exe
2014-07-03 11:06 - 2014-07-03 11:06 - 00042474 _____ () C:\Users\Rainer\Desktop\Addition.txt
2014-07-03 11:05 - 2014-07-03 14:28 - 00022471 _____ () C:\Users\Rainer\Desktop\FRST.txt
2014-07-03 11:04 - 2014-07-03 14:26 - 00000000 ____D () C:\FRST
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Desktop\FRST.exe
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Desktop\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Desktop\Defogger.exe
2014-07-03 10:56 - 2014-07-03 11:24 - 00005570 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 10:00 - 2014-07-03 13:58 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Desktop\wzmp_8.exe
2014-06-22 22:44 - 2014-07-03 13:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:43 - 2014-06-22 22:42 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:44 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-21 14:44 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-21 14:44 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-21 14:44 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-21 14:44 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-21 14:44 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-21 14:44 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-21 14:44 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-21 14:44 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-21 14:44 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-21 14:44 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 14:44 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 14:44 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 14:44 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Desktop\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

==================== One Month Modified Files and Folders =======

2014-07-03 14:28 - 2014-07-03 11:05 - 00022471 _____ () C:\Users\Rainer\Desktop\FRST.txt
2014-07-03 14:26 - 2014-07-03 11:04 - 00000000 ____D () C:\FRST
2014-07-03 14:26 - 2009-04-27 09:08 - 00000041 _____ () C:\Windows\Filzip.ini
2014-07-03 14:24 - 2010-12-08 19:50 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{98615E68-E061-4150-859F-1819AC633BEB}.job
2014-07-03 14:22 - 2014-07-03 14:22 - 00002776 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-07-03 14:18 - 2013-06-16 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 14:17 - 2014-07-03 14:17 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT.exe
2014-07-03 14:16 - 2014-07-03 14:16 - 00002255 _____ () C:\Users\Rainer\Desktop\AdwCleaner[S1].txt
2014-07-03 14:16 - 2008-05-21 11:09 - 02047506 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:09 - 2010-01-06 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 14:08 - 2014-07-03 14:08 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 14:08 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 14:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:07 - 2013-10-24 11:12 - 00000000 ____D () C:\AdwCleaner
2014-07-03 14:07 - 2008-05-07 18:20 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-03 14:07 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 14:01 - 2014-07-03 14:01 - 01346519 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.214.exe
2014-07-03 13:58 - 2014-07-03 10:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 13:34 - 2014-06-22 22:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 13:31 - 2010-01-06 12:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 13:09 - 2014-07-03 13:09 - 00035840 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:24 - 2014-07-03 10:56 - 00005570 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 11:13 - 2014-07-03 11:13 - 452283792 _____ () C:\Windows\MEMORY.DMP
2014-07-03 11:13 - 2014-07-03 11:13 - 00143640 _____ () C:\Windows\Minidump\Mini070314-01.dmp
2014-07-03 11:13 - 2011-01-22 11:12 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 11:07 - 2014-07-03 11:07 - 00380416 _____ () C:\Users\Rainer\Desktop\Gmer-19357.exe
2014-07-03 11:06 - 2014-07-03 11:06 - 00042474 _____ () C:\Users\Rainer\Desktop\Addition.txt
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Desktop\FRST.exe
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Desktop\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:03 - 2008-05-21 11:13 - 00000000 ____D () C:\Users\Rainer
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Desktop\Defogger.exe
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Desktop\wzmp_8.exe
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-03 09:49 - 2011-03-31 15:42 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\KeePass
2014-07-01 11:26 - 2006-11-02 12:33 - 01575892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 17:45 - 2013-04-05 10:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-30 15:10 - 2011-11-06 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-30 15:09 - 2008-06-09 16:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-30 09:18 - 2008-05-21 20:22 - 00000000 ____D () C:\Users\Rainer\Documents\DKV
2014-06-26 16:39 - 2010-03-03 16:40 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Mp3tag
2014-06-26 16:27 - 2014-05-07 10:03 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\vlc
2014-06-24 09:37 - 2011-03-31 15:42 - 00042574 _____ () C:\Users\Rainer\Documents\Paswörter.kdbx
2014-06-23 15:45 - 2008-05-21 20:24 - 00000000 ____D () C:\Users\Rainer\Documents\Urlaube
2014-06-22 22:57 - 2012-12-03 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-22 22:44 - 2012-03-29 11:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-22 22:44 - 2011-09-05 10:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:42 - 2014-06-22 22:43 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:42 - 2008-08-06 16:40 - 00000000 ____D () C:\Program Files\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:35 - 2009-09-15 18:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 22:31 - 2009-02-03 11:34 - 00000000 ____D () C:\ProgramData\Apple
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:49 - 2013-07-12 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-21 14:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Desktop\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-06 12:54 - 2013-02-07 12:25 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\foobar2000
2014-06-05 10:34 - 2009-06-12 15:19 - 00002452 _____ () C:\Users\Rainer\AppData\Roaming\wklnhst.dat
2014-06-03 12:18 - 2008-05-22 20:25 - 00101162 _____ () C:\Windows\system32\RKSFAX
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

Files to move or delete:
====================
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat


Some content of TEMP:
====================
C:\Users\Rainer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 14:18

==================== End Of Log ============================
--- --- ---

cosinus 03.07.2014 14:08
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Ottifant 03.07.2014 14:22
Anbei die beiden Ergebnisse von FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Rainer (administrator) on AMILO-LAPTOP on 03-07-2014 15:18:26
Running from C:\Users\Rainer\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 9300 Series\ezprint.exe
(C&E) C:\Program Files\C&E\OSD\osd.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\RKS Fax\rksfax_control.exe
() C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxcqcoms.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(PacketVideo) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [recinfo742] => c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 9300 Series\ezprint.exe [82864 2006-12-05] (Lexmark International Inc.)
HKLM\...\Run: [LXCQCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCQtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [OSD] => C:\Program Files\C&E\OSD\osd.exe [561152 2007-09-20] (C&E)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RKS Fax Print Controller] => C:\Program Files\RKS Fax\rksfax_control.exe [3915784 2008-06-02] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [lxcqmon.exe] => C:\Program Files\Lexmark 9300 Series\lxcqmon.exe [291760 2007-01-11] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [A278FE6F0949773C9832532327141AFC9293ADF5._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-2449479715-2319816545-2623231108-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {8154D496-92A4-4BE2-B5BF-EE6EDDAB0680} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} hxxp://download.microsoft.com/download/0/4/C/04CF1236-3181-4F87-8382-B56CCA6C15CF/pmupd806.exe
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ACC1DE24-9C8A-425E-8DAF-19BAF870A1A1}: [NameServer]195.50.140.178 195.50.140.252

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.spiegel.de/
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.33.105.59"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.33.105.59"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoSquint - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\nosquint@urandom.ca.xpi [2013-04-05]
FF Extension: Adblock Plus - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\3xug5btu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-16]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (avast! Online Security) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxcq_device; C:\Windows\system32\lxcqcoms.exe [537520 2006-12-05] ( )
S2 OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [53248 2007-09-03] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
R2 TwonkyMedia; C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe [472664 2010-07-28] (PacketVideo)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-18] (Microsoft Corporation)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()
S3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [753456 2007-06-01] ()
R3 CEBFilter; C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [5120 2007-09-04] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 CEIO; C:\Program Files\C&E\OSD\OsdService\ceio.sys [4608 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 cKBFilter; C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [7168 2007-08-31] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 JRAID; C:\Windows\System32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2008-05-26] (Padus, Inc.) [File not signed]
S3 PolarUSB; C:\Windows\System32\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) [File not signed]
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82688 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2011-01-24] (SCM Microsystems Inc.)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-08-29] (RapidSolution Software AG)
S4 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [144384 2011-11-16] (1&1 Mail & Media GmbH) [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32048 2008-09-26] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [129824 2008-09-26] (Paragon)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 14:22 - 2014-07-03 14:22 - 00002776 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-07-03 14:17 - 2014-07-03 14:17 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT.exe
2014-07-03 14:16 - 2014-07-03 14:16 - 00002255 _____ () C:\Users\Rainer\Desktop\AdwCleaner[S1].txt
2014-07-03 14:08 - 2014-07-03 14:08 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 14:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 14:01 - 2014-07-03 14:01 - 01346519 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.214.exe
2014-07-03 13:09 - 2014-07-03 13:09 - 00035840 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:13 - 2014-07-03 11:13 - 452283792 _____ () C:\Windows\MEMORY.DMP
2014-07-03 11:13 - 2014-07-03 11:13 - 00143640 _____ () C:\Windows\Minidump\Mini070314-01.dmp
2014-07-03 11:07 - 2014-07-03 11:07 - 00380416 _____ () C:\Users\Rainer\Desktop\Gmer-19357.exe
2014-07-03 11:06 - 2014-07-03 11:06 - 00042474 _____ () C:\Users\Rainer\Desktop\Addition.txt
2014-07-03 11:05 - 2014-07-03 15:18 - 00022424 _____ () C:\Users\Rainer\Desktop\FRST.txt
2014-07-03 11:04 - 2014-07-03 15:18 - 00000000 ____D () C:\FRST
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Desktop\FRST.exe
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Desktop\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Desktop\Defogger.exe
2014-07-03 10:56 - 2014-07-03 11:24 - 00005570 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 10:00 - 2014-07-03 13:58 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Desktop\wzmp_8.exe
2014-06-22 22:44 - 2014-07-03 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:43 - 2014-06-22 22:42 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:35 - 2014-06-22 22:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:44 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-21 14:44 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-21 14:44 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-21 14:44 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-21 14:44 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-21 14:44 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-21 14:44 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-21 14:44 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-21 14:44 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-21 14:44 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-21 14:44 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-21 14:44 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-21 14:44 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-21 14:44 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-21 14:44 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-21 14:44 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-21 14:44 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Desktop\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

==================== One Month Modified Files and Folders =======

2014-07-03 15:18 - 2014-07-03 11:05 - 00022424 _____ () C:\Users\Rainer\Desktop\FRST.txt
2014-07-03 15:18 - 2014-07-03 11:04 - 00000000 ____D () C:\FRST
2014-07-03 15:18 - 2009-04-27 09:08 - 00000041 _____ () C:\Windows\Filzip.ini
2014-07-03 15:14 - 2010-12-08 19:50 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{98615E68-E061-4150-859F-1819AC633BEB}.job
2014-07-03 15:11 - 2008-05-21 11:09 - 02047690 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:41 - 2006-11-02 12:33 - 01598576 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 14:34 - 2014-06-22 22:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 14:31 - 2010-01-06 12:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 14:22 - 2014-07-03 14:22 - 00002776 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-07-03 14:18 - 2013-06-16 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 14:17 - 2014-07-03 14:17 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT.exe
2014-07-03 14:16 - 2014-07-03 14:16 - 00002255 _____ () C:\Users\Rainer\Desktop\AdwCleaner[S1].txt
2014-07-03 14:09 - 2010-01-06 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 14:08 - 2014-07-03 14:08 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 14:08 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 14:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:08 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 14:07 - 2013-10-24 11:12 - 00000000 ____D () C:\AdwCleaner
2014-07-03 14:07 - 2008-05-07 18:20 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-03 14:07 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 14:01 - 2014-07-03 14:01 - 01346519 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.214.exe
2014-07-03 13:58 - 2014-07-03 10:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Nico Mak Computing
2014-07-03 13:09 - 2014-07-03 13:09 - 00035840 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-07-03 11:24 - 2014-07-03 10:56 - 00005570 _____ () C:\Users\Rainer\Desktop\log.xml
2014-07-03 11:13 - 2014-07-03 11:13 - 452283792 _____ () C:\Windows\MEMORY.DMP
2014-07-03 11:13 - 2014-07-03 11:13 - 00143640 _____ () C:\Windows\Minidump\Mini070314-01.dmp
2014-07-03 11:13 - 2011-01-22 11:12 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 11:07 - 2014-07-03 11:07 - 00380416 _____ () C:\Users\Rainer\Desktop\Gmer-19357.exe
2014-07-03 11:06 - 2014-07-03 11:06 - 00042474 _____ () C:\Users\Rainer\Desktop\Addition.txt
2014-07-03 11:04 - 2014-07-03 11:04 - 01073664 _____ (Farbar) C:\Users\Rainer\Desktop\FRST.exe
2014-07-03 11:03 - 2014-07-03 11:03 - 00000474 _____ () C:\Users\Rainer\Desktop\defogger_disable.log
2014-07-03 11:03 - 2014-07-03 11:03 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-07-03 11:03 - 2008-05-21 11:13 - 00000000 ____D () C:\Users\Rainer
2014-07-03 11:02 - 2014-07-03 11:02 - 00050477 _____ () C:\Users\Rainer\Desktop\Defogger.exe
2014-07-03 10:00 - 2014-07-03 10:00 - 04892480 _____ (WinZip International LLC ) C:\Users\Rainer\Desktop\wzmp_8.exe
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 09:55 - 2013-06-16 00:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-03 09:49 - 2011-03-31 15:42 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\KeePass
2014-06-30 17:45 - 2013-04-05 10:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-30 15:10 - 2011-11-06 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-30 15:09 - 2008-06-09 16:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-30 09:18 - 2008-05-21 20:22 - 00000000 ____D () C:\Users\Rainer\Documents\DKV
2014-06-26 16:39 - 2010-03-03 16:40 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Mp3tag
2014-06-26 16:27 - 2014-05-07 10:03 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\vlc
2014-06-24 09:37 - 2011-03-31 15:42 - 00042574 _____ () C:\Users\Rainer\Documents\Paswörter.kdbx
2014-06-23 15:45 - 2008-05-21 20:24 - 00000000 ____D () C:\Users\Rainer\Documents\Urlaube
2014-06-22 22:57 - 2012-12-03 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-22 22:44 - 2012-03-29 11:12 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-22 22:44 - 2011-09-05 10:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-22 22:43 - 2014-06-22 22:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-22 22:42 - 2014-06-22 22:43 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-22 22:42 - 2014-06-22 22:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-22 22:42 - 2014-06-22 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-22 22:42 - 2008-08-06 16:40 - 00000000 ____D () C:\Program Files\Java
2014-06-22 22:38 - 2014-06-22 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-22 22:38 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 22:35 - 2014-06-22 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 22:35 - 2009-09-15 18:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 22:31 - 2009-02-03 11:34 - 00000000 ____D () C:\ProgramData\Apple
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 22:27 - 2014-06-22 22:27 - 00000000 ____D () C:\Program Files\QuickTime
2014-06-21 14:49 - 2013-07-12 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-21 14:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-06 17:28 - 2014-06-06 17:28 - 00000016 ____H () C:\Users\Rainer\Desktop\SyncToy_9e443bad-f56c-402f-88c9-42a76b97b17d.dat
2014-06-06 12:54 - 2013-02-07 12:25 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\foobar2000
2014-06-05 10:34 - 2009-06-12 15:19 - 00002452 _____ () C:\Users\Rainer\AppData\Roaming\wklnhst.dat
2014-06-03 12:18 - 2008-05-22 20:25 - 00101162 _____ () C:\Windows\system32\RKSFAX
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00070001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00021936 _____ () C:\00060001.emf
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00007.INI
2014-06-03 12:14 - 2014-06-03 12:14 - 00000371 _____ () C:\JOB00006.INI

Files to move or delete:
====================
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat


Some content of TEMP:
====================
C:\Users\Rainer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 14:18

==================== End Of Log ============================
--- --- ---


und das zweite

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by Rainer at 2014-07-03 15:19:03
Running from C:\Users\Rainer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AGEIA PhysX v7.11.13 (HKLM\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Album Art Downloader XUI 1.00 (HKLM\...\Album Art Downloader XUI) (Version: 1.00 - hxxp://sourceforge.net/projects/album-art)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
AusweisApp (HKLM\...\{EE56DCD1-13FD-435B-BC4C-EE8CD83FF17A}) (Version: 1.8.0 - OpenLimit SignCubes AG)
avast! Ad Blocker (HKLM\...\{021C6667-63D3-4416-B537-865E77F4DF4F}) (Version: 1.0.0.0 - AVAST Software)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
Bengal (VOLLVERSION) (HKLM\...\Bengal (VOLLVERSION)) (Version: 1.0.1.0 - INTENIUM GmbH)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.1205.1451.26462 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.1205.1451.26462 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Dutch (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help English (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help French (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help German (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Italian (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Japanese (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Korean (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Portuguese (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Spanish (Version: 2007.1205.1450.26462 - ATI) Hidden
CCC Help Swedish (Version: 2007.1205.1450.26462 - ATI) Hidden
ccc-core-static (Version: 2007.1205.1451.26462 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.1205.1451.26462 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
ClocX (1.4) (HKLM\...\ClocX) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.2009.10.29 - INTENIUM GmbH)
Dream Pinball 3D Demo (HKLM\...\Dream Pinball 3D Demo) (Version: 1.00 - TopWare Interactive Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.0 - Dropbox, Inc.)
Duden Deutsch 3 (HKLM\...\Duden Deutsch 3_is1) (Version:  - Duden Paetec)
Duden Deutsch 4 (HKLM\...\Duden Deutsch 4_is1) (Version:  - Duden Paetec)
Duden Langenscheidt Englisch 3 (HKLM\...\Duden Langenscheidt Englisch 3_is1) (Version:  - Duden PaeTec Schulbuchverlag)
Duden Langenscheidt Englisch 4 (HKLM\...\Duden Langenscheidt Englisch 4_is1) (Version:  - Duden PaeTec Schulbuchverlag)
Duden Mathematik 3 (HKLM\...\Duden Mathematik 3_is1) (Version:  - Duden Paetec)
Duden Mathematik 4 (HKLM\...\Duden Mathematik 4_is1) (Version:  - Duden Paetec)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v4.60 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.60 - Lavalys, Inc.)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
foobar2000 v1.2.9 (HKLM\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GMX Upload-Manager (HKLM\...\GMX Upload-Manager) (Version: 2.0.670 - 1&1 Mail & Media GmbH)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Integrity Tool (HKLM\...\{4F8697F4-3D30-4BD0-8F26-455C01F4EE8B}) (Version: 1.8.0 - OpenLimit SignCubes AG)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Joe (HKLM\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
KeePass Password Safe 2.24 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
Lexmark 9300 Series (HKLM\...\Lexmark 9300 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.49a (HKLM\...\Mp3tag) (Version: v2.49a - Florian Heidenreich)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
OSDInstall (HKLM\...\{EB863CFD-6889-47B0-9D79-492DE0D07EE7}) (Version: 1.0.0 - C&E)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF24 Creator 5.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
piasync (HKLM\...\{CB7600E5-E524-11D6-9218-00D0B70768DA}) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Polar Precision Performance SW  (HKLM\...\{B116E95E-01B1-420A-AECB-B2B330B9BD97}) (Version: 4.03.040 - )
ProtectDisc Helper Driver (HKLM\...\ProtectDisc Driver) (Version: 9.1.0.0 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RKS Fax (HKLM\...\RKSFaxVersion1_is1) (Version: 4.0 - RKS Software)
s25atonce 3.6.9 (HKLM\...\s25atonce_is1) (Version: 3.6.9 - Shaw Computerhard- & Software)
SDI011 dual interface reader (HKLM\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Sicherheitsupdate für Windows Media Player (KB2845142) (HKLM\...\KB2845142_WM64) (Version:  - Microsoft Corporation)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Skins (Version: 2007.1205.1451.26462 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpO2 V1.2 (HKLM\...\SpO2_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Toggolino - Leseabenteuer (HKLM\...\Leseabenteuer_is1) (Version:  - Toggolino)
TwInbox (remove only) (HKLM\...\TwInbox) (Version:  - TechHit)
TwonkyMedia (HKLM\...\TwonkyMediaTwonkyMedia) (Version: 6.0.1.0 - PacketVideo)
TwonkyMedia (HKLM\...\TwonkyvisionUPnPTwonkyMedia) (Version: 4.4.9.0 - Twonkyvison)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebCam (HKLM\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version:  - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points  =========================

29-06-2014 11:00:10 Geplanter Prüfpunkt
01-07-2014 05:59:56 Windows Update
01-07-2014 22:02:23 Geplanter Prüfpunkt
03-07-2014 10:51:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C2837F4-5359-485C-9B60-D48E37CBBB92} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2449479715-2319816545-2623231108-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {388B3BD0-044D-4390-BC7B-E2D660283F11} - System32\Tasks\{A256EE43-4E5B-486D-A288-015709509E40} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {47C8D96B-EBB6-4AFA-84C2-7AEF1CE466D9} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {4E7C9E7D-701D-4867-9C97-B2013CD6A77A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2449479715-2319816545-2623231108-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5E768F60-700F-4077-9F30-E173E2577799} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {60ECE3F6-5C65-4C4C-B10F-8B4DDF4D51F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {6B71EFC4-11EF-4A44-8FDC-69C439E36A11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {717EB07D-A30C-4F81-8E3B-B3E117587BC6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2449479715-2319816545-2623231108-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {81E183A5-7D10-47E7-97F2-833953A79654} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {84120A11-1C77-470A-A045-97C972A2B439} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {94232D91-0CB2-40B3-B7E5-10CACF9F3A89} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
Task: {9A8EFB6F-47B4-4EBC-88A3-EE3C4C14A37C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2449479715-2319816545-2623231108-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CF1462CC-D32A-43B4-887D-97596B8CB339} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D87763E7-7926-4B8C-954F-0D6A11B9E3B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-22] (Adobe Systems Incorporated)
Task: {D8F9ACED-0D99-4A26-9C51-C3FF9C98369D} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{98615E68-E061-4150-859F-1819AC633BEB}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 13:53 - 2014-07-03 13:53 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070300\algo.dll
2009-12-11 09:41 - 2002-01-11 15:59 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2009-12-11 09:41 - 2001-10-28 18:43 - 00116736 _____ () C:\Windows\System32\redmonnt.dll
2008-05-22 20:23 - 2007-08-09 00:19 - 00027648 _____ () C:\Windows\System32\rksfaxpm.dll
2008-05-21 16:04 - 2006-11-13 03:34 - 00118784 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcqdrpp.dll
2008-05-07 18:32 - 2007-12-04 22:56 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2008-05-07 18:34 - 2006-11-22 18:31 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2008-05-21 16:02 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files\Lexmark 9300 Series\iptk.dll
2011-10-07 11:41 - 2011-10-07 11:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-05-22 20:23 - 2008-06-02 14:43 - 03915784 _____ () C:\Program Files\RKS Fax\rksfax_control.exe
2008-05-21 16:02 - 2007-01-11 13:57 - 00291760 _____ () C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
2008-05-21 16:02 - 2006-10-23 13:51 - 00278528 _____ () C:\Program Files\Lexmark 9300 Series\lxcqscw.dll
2008-05-21 16:02 - 2006-06-09 01:39 - 00143360 _____ () C:\Program Files\Lexmark 9300 Series\lxcqdrec.dll
2013-11-24 11:09 - 2013-11-24 11:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-10-23 13:54 - 2006-10-23 13:54 - 00692224 _____ () C:\Windows\system32\lxcqdrs.dll
2006-09-29 06:28 - 2006-09-29 06:28 - 00065536 _____ () C:\Windows\system32\lxcqcaps.dll
2006-05-09 09:10 - 2006-05-09 09:10 - 00061440 _____ () C:\Windows\system32\lxcqcnv4.dll
2008-05-28 16:47 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-21 15:27 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TwonkyMedia Tray Control.lnk => C:\Windows\pss\TwonkyMedia Tray Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CLMLServer =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: lxcqmon.exe => "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
MSCONFIG\startupreg: P2Go_Menu => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: PDVD8LanguageShortcut =>
MSCONFIG\startupreg: RemoteControl8 =>
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/03/2014 03:17:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 03:14:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/03/2014 02:44:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2E4D4F64-FD95-4731-AC09-CA93409E62-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-02-13 14:38:54.319
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 21:15:42.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 19:21:01.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 16:59:30.695
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 12:01:59.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 11:50:28.140
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-06 09:16:37.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 13:07:52.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 12:40:13.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 12:32:14.104
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3069.7 MB
Available physical RAM: 1656.33 MB
Total Pagefile: 6344.37 MB
Available Pagefile: 4910.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.25 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:286.37 GB) (Free:27.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (AMILO) (Fixed) (Total:298.09 GB) (Free:0.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2C3BC57C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=286 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 71517F5D)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 03.07.2014 14:33
Zitat:
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
Was haste da eigentlich für nen Proxy drin? :wtf:

Ottifant 03.07.2014 14:46
Ich habe eine LAN-Internetverbindung über Arcor/Vodafone.
Die folgenden Daten habe ich bei Details der Verbindung gefunden. Ist es das, was Du wissen wolltest?

Code:
Verbindungsspezifisches DNS-Suffix:
Beschreibung: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physikalische Adresse: 00-03-0D-82-D3-6D
DHCP-aktiviert: Ja
IPv4 IP-Adresse: 192.168.2.100
IPv4 Subnetzmaske: 255.255.255.0
Lease erhalten: Donnerstag, 3. Juli 2014 14:08:38
Lease läuft ab: Sonntag, 9. August 2150 22:11:56
IPv4 Standardgateway: 192.168.2.1
IPv4 DHCP-Server: 192.168.2.1
IPv4 DNS-Server: 192.168.2.1
IPv4 WINS-Server:
NetBIOS über TCPIP aktiviert: Ja
Verbindungslokale IPv6-Adresse: fe80::f18b:bebb:a906:a957%8
IPv6 Standardgateway:
IPv6 DNS-Server:

cosinus 03.07.2014 14:53
Das hat mit deinem Provider doch nichts zu tun.
Den Proxy-Server kannst du im System oder in jedem Programm zB dem Webbrowser eintragen. Dann wird der Datenverkehr (traffic) über den Server mit der Proxy-IP-Adresse abgewickelt.

Kennst du den Proxy mit der IP 178.33.105.59 ? Dahinter versteckt sich OVH Systems aus Frankreich => 178.33.105.59 - IP-Adresse - utrace - IP-Adressen und Domainnamen lokalisieren

Ottifant 03.07.2014 15:11
Sorry - ich bin etwas unerfahren in solchen Themen. Ich habe noch nie einen Proxy Server manuell eingetragen und kenne die genannte IP Adresse nicht. Ich habe meine Internet Verbindung ganz normal standardmäßig, wo alles automatisch vergeben wird.
Aktuell gehe ich über Chrome ins Internet. In Chrome habe ich nur die Einstellung gefunden, dass die Internetverbindung des Computers genutzt wird.

Ich habe im Log File gesehen, daß die von Dir genannte IP Adresse unter Firefox steht. In Firefox habe ich im relevanten Fenster gesehen, dass dort die genannte französische IP Adresse in den Feldern vorhanden sind, aber "kein Proxy" als relevant angekreuzt ist.

Keine Ahnung, woher die Daten kommen. Mehr weiß ich dazu nicht, reicht das?

cosinus 03.07.2014 15:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyServer: :0
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.33.105.59"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.33.105.59"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Ottifant 03.07.2014 15:31
Anbei das Ergebnis:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-07-2014
Ran by Rainer at 2014-07-03 16:30:33 Run:1
Running from C:\Users\Rainer\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: :0
FF NetworkProxy: "ftp", "178.33.105.59"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "178.33.105.59"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.33.105.59"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "178.33.105.59"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\Rainer\SyncToy_8afbcb92-e375-4102-a4c8-cde9f61430a5.dat => Moved successfully.

==== End of Fixlog ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:22 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132