Trojaner-Board

Zero.access.c is on my system, Vista SP1, and, after cleaning, supposedly gone? (https://www.trojaner-board.de/146179-zero-access-c-meinem-system-vista-sp1-bereinigung-angeblich-verschwunden.html)

schrauber 23.12.2013 08:00

It won't work with that disc. Do you have a full DVD?

Joetra 23.12.2013 08:21

Morning,

no, this one came with the computer. But I could get hold of another one.

Do you think it is legal to do this with a "foreign" DVD?

Thanks and best regards

Jörg

P.S. What I can get is a DVD with SP2. Can I use that on my system?

schrauber 23.12.2013 19:51

Try it, but I don't think it will work. What if you install SP2 manually beforehand?

Joetra 24.12.2013 06:37

Hello Schrauber,

I tried the manual installation. Unfortunately my computer is of the opinion that this is not possible without SP1. But SP1 is installed. The attempt to install SP1 manually is aborted with the message that SP1 is already installed.
Do you think my computer is free of infection?
Do you have another suggestion?

If that is the case, I would keep using it for a while and then set it up completely from scratch :-(

... in any case, a donation is coming.

Many thanks for your help, and have a few stress-free days.

Jörg

schrauber 24.12.2013 11:25

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

ZeroAccess:
C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please post a fresh FRST log again.

Joetra 24.12.2013 15:05

Good day Schrauber,

here is another FRST log


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013
Ran by Joerg (administrator) on DESKTOP on 24-12-2013 14:59:39
Running from C:\Users\Joerg\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE                                                                                                                                                                                                                                                           
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe                                                                                                                                                                                                                           
HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe                                                                                                                                                                                                                           
HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2
HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe                                                                                                                                                                                                                           
HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\DEG\...\Policies\system: [LogonHoursAction] 2
HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden                                                                                                                                                                                           
HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe                                                                                                                                                                                                                           
HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Dominik\...\Policies\system: [LogonHoursAction] 2
HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe                                                                                                                                                                                                                           
HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe                                                                                                                                                                                                                           
HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe                                                                                                                                                                                                                           
HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe                                                                                                                                                                                                                           
HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887
FF Homepage: hxxp://www.ighome.com/?t=336956
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com
FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de
FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com
FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com
FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com
FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson
FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com
FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: EPUBReader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.)
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL)
S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software)
S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] ()
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-24 14:59 - 2013-12-24 15:00 - 00030880 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-24 14:50 - 2013-12-24 14:50 - 00000366 _____ C:\Windows\PFRO.log
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 09:31 - 2013-12-21 09:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-21 09:31 - 2013-12-21 09:31 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-12-21 09:31 - 2013-12-21 09:31 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-12-21 09:30 - 2013-12-21 12:32 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-12-21 09:30 - 2013-12-21 09:30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-20 18:16 - 2009-08-19 22:50 - 00022872 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2013-12-24 14:58 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-18 17:34 - 2013-12-23 09:44 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:45 - 2013-12-18 18:11 - 00000000 ____D C:\AdwCleaner
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:25 - 2013-12-18 15:24 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 17:49 - 2013-12-22 15:25 - 00000000 ____D C:\ComboFix
2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox
2013-12-17 17:30 - 2013-12-17 16:04 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt
2013-12-16 16:10 - 2013-12-24 14:52 - 00000000 ____D C:\FRST
2013-12-16 16:10 - 2013-12-24 14:49 - 01061581 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-15 19:28 - 2013-12-21 14:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt
2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:45 - 2013-12-21 21:01 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod
2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes
2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 17:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-26 17:25 - 2013-10-31 09:35 - 00001136 _____ C:\Users\Joerg\Documents\indexfile.txt
2013-11-26 16:58 - 2013-12-22 15:27 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-11-26 16:58 - 2013-12-21 17:19 - 00000000 ____D C:\ProgramData\ProductData
2013-11-26 16:58 - 2013-12-17 16:05 - 00000000 ____D C:\ProgramData\IObit
2013-11-26 16:58 - 2013-12-06 17:24 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-26 16:58 - 2013-11-26 16:59 - 00000000 ____D C:\Program Files\IObit
2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe
2013-11-24 17:11 - 2013-12-22 15:27 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-11-24 15:02 - 2013-11-26 18:24 - 00000000 ____D C:\ProgramData\Updater
2013-11-24 15:01 - 2013-11-24 15:02 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt
2013-11-24 15:00 - 2013-11-24 15:02 - 00000000 ____D C:\Program Files\Mobogenie
2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com                                    ) C:\Users\Joerg\Downloads\avc-free.exe
2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter

==================== One Month Modified Files and Folders =======

2013-12-24 15:00 - 2013-12-24 14:59 - 00030880 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-24 14:58 - 2013-12-18 17:51 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-24 14:58 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 14:58 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 14:57 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-24 14:56 - 2012-06-11 11:42 - 01207562 _____ C:\Windows\WindowsUpdate.log
2013-12-24 14:56 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-24 14:52 - 2013-12-16 16:10 - 00000000 ____D C:\FRST
2013-12-24 14:50 - 2013-12-24 14:50 - 00000366 _____ C:\Windows\PFRO.log
2013-12-24 14:49 - 2013-12-16 16:10 - 01061581 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-23 19:35 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps
2013-12-23 11:25 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg
2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-22 17:01 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss
2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data
2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d
2013-12-22 15:27 - 2013-04-28 16:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer
2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut
2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie
2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7
2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer
2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive
2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft
2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable
2013-12-22 15:27 - 2012-01-02 20:00 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster
2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine
2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey
2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox
2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0
2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict
2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape
2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo
2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt
2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter
2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport
2013-12-22 15:27 - 2009-09-23 19:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\EQMOD
2013-12-22 15:27 - 2009-09-04 18:01 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Nvu
2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss
2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart
2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype
2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird
2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania
2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games
2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer
2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation
2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie
2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
2013-12-22 15:27 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util
2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung
2013-12-22 15:27 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe
2013-12-22 15:27 - 2008-03-11 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Local\TVEnhance
2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580
2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat
2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart
2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey
2013-12-22 15:26 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe
2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix
2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG
2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie
2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik
2013-12-22 10:24 - 2008-03-13 19:00 - 00000000 ____D C:\Users\Gast
2013-12-21 21:01 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old
2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old
2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 17:19 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData
2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz
2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 14:57 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-21 12:32 - 2013-12-21 09:30 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-12-21 10:08 - 2012-01-02 20:00 - 00000000 ____D C:\Program Files\Chipcardmaster
2013-12-21 09:45 - 2013-03-27 17:03 - 00000000 ____D C:\Program Files\AusweisApp
2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp
2013-12-21 09:36 - 2013-12-21 09:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-21 09:31 - 2013-12-21 09:31 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-12-21 09:31 - 2013-12-21 09:31 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-12-21 09:30 - 2013-12-21 09:30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-21 09:30 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton
2013-12-20 18:43 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 18:11 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:24 - 2013-12-18 15:25 - 01226750 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox
2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt
2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-17 18:07 - 2006-11-02 11:23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663
2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt
2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun
2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google
2013-12-15 16:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic
2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe
2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle
2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos
2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie
2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype
2013-12-07 09:40 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-07 09:40 - 2006-11-02 11:22 - 53215232 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-07 09:40 - 2006-11-02 11:22 - 36069376 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2013-12-07 09:40 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-07 09:40 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-06 18:13 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod
2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb
2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace
2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi
2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi
2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente
2013-11-26 18:24 - 2013-11-24 15:02 - 00000000 ____D C:\ProgramData\Updater
2013-11-26 17:32 - 2013-11-26 17:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Malwarebytes
2013-11-26 17:31 - 2013-11-26 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 17:16 - 2011-04-25 08:44 - 00002078 _____ C:\Windows\system32\OSSService.log
2013-11-26 17:08 - 2008-03-11 19:33 - 00000000 ____D C:\Program Files\Online
2013-11-26 16:59 - 2013-11-26 16:58 - 00000000 ____D C:\Program Files\IObit
2013-11-26 16:48 - 2013-11-26 16:48 - 00000953 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Opera Software
2013-11-26 16:48 - 2013-11-12 16:57 - 00000000 ____D C:\Users\Joerg\AppData\Local\Opera Software
2013-11-26 16:41 - 2010-05-19 17:19 - 00000000 ____D C:\Program Files\Garmin
2013-11-26 16:28 - 2013-11-26 16:28 - 32823600 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\Joerg\Downloads\FreeAVIVideoConverter (1).exe
2013-11-24 15:02 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\Mobogenie
2013-11-24 15:02 - 2013-11-24 15:00 - 00000000 ____D C:\Program Files\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\Documents\Mobogenie
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 ____D C:\Users\Joerg\AppData\Local\cache
2013-11-24 15:01 - 2013-11-24 15:01 - 00000000 _____ C:\Users\Joerg\daemonprocess.txt
2013-11-24 10:23 - 2013-11-24 10:23 - 28289104 _____ (Any-Video-Converter.com                                    ) C:\Users\Joerg\Downloads\avc-free.exe
2013-11-24 10:21 - 2013-11-24 10:21 - 00000000 ____D C:\Users\Joerg\Documents\Any Video Converter
ZeroAccess:
C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-24 14:56

==================== End Of Log ============================

--- --- ---


The Fixlog looks as follows:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2013
Ran by Joerg at 2013-12-24 14:49:23 Run:1
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Users\Joerg\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
*****************


"C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory move:

Could not move "C:\Users\Joerg\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.


"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-24 14:52:01)<=

C:\Users\Joerg\AppData\Local\Google\Desktop\Install => Is moved successfully.
"C:\Program Files\Google\Desktop\Install" => Directory could not move.

==== End of Fixlog ====

One more thing stands out: after the file Fixlog.txt was created, a folder with Chinese(?) characters/letters is visible on my desktop.
Can you make sense of this?

Many thanks, and wishing you a few restful days,

Jörg

schrauber 25.12.2013 14:33

Please show me a screenshot of it. The FRST log was created after the fix?

Joetra 26.12.2013 09:51

Hello Schrauber,

as far as creating the text files goes, I followed exactly the order you specified, i.e.
first the Fixlog, and nine minutes later the FRST was finished.

I am attaching the screenshots of the desktop as a PDF:

Thanks.

Jörg

schrauber 27.12.2013 10:22

Please delete AdwCleaner and download it again. Let it scan and clean, then a fresh FRST log please. Simply deleting the folder doesn't work?

Joetra 27.12.2013 11:11

Hello Schrauber,

no, the folder cannot be deleted under Windows. I tried it with a Linux live CD (Knoppix). There the folder could be deleted without any problem.

And here is another FRST.txt


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by Joerg (administrator) on DESKTOP on 27-12-2013 11:04:15
Running from C:\Users\Joerg\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE                                                                                                                                                                                                                                                           
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2
HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\DEG\...\Policies\system: [LogonHoursAction] 2
HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Dominik\...\Policies\system: [LogonHoursAction] 2
HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAAD8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887
FF Homepage: hxxp://www.ighome.com/?t=336956
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com
FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de
FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com
FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com
FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com
FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson
FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com
FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.)
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL)
S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software)
S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 11:: _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-27 10:58 - 2013-12-27 10:58 - 00003706 _____ C:\Users\Joerg\Desktop\AdwCleaner[S1].txt
2013-12-27 10:52 - 2013-12-27 10:44 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-24 16:41 - 2013-12-24 18:16 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:13 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 15:: ____D C:\Program Files\Windows Resource Kits
2013-12-21 09:30 - 2013-12-24 16: ____D C:\Program Files\Norton Internet Security CBE
2013-12-20 18:16 - 2009-08-19 22:50 - 00022872 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2013-12-27 11: ___RD C:\Users\Public\Recorded TV
2013-12-18 17:34 - 2013-12-23 09:44 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:: ____D C:\Windows\ERUNT
2013-12-18 15:45 - 2013-12-27 11: ____D C:\AdwCleaner
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 17:49 - 2013-12-22 15:25 - 00000000 ____D C:\ComboFix
2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox
2013-12-17 17:30 - 2013-12-17 16: ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 16:17 - 2000-08-31 01: _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 16:17 - 2000-08-31 01: _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\sed.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\grep.exe
2013-12-17 16:17 - 2000-08-31 01: _____ C:\Windows\zip.exe
2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt
2013-12-16 16:10 - 2013-12-27 11: _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-16 16:10 - 2013-12-27 11: ____D C:\FRST
2013-12-15 19:28 - 2013-12-24 15:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt
2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:45 - 2013-12-21 21: ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-27 11:: _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-27 11::10 - 01061649 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-27 11::10 - 00000000 ____D C:\FRST
2013-12-27 11::51 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-27 11:: ____H C:\Windows\Tasks\SA.DAT
2013-12-27 11::47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11::47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 11::45 - 00000000 ____D C:\AdwCleaner
2013-12-27 11::42 - 01268642 _____ C:\Windows\WindowsUpdate.log
2013-12-27 11:: _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 10:58 - 2013-12-27 10:58 - 00003706 _____ C:\Users\Joerg\Desktop\AdwCleaner[S1].txt
2013-12-27 10:44 - 2013-12-27 10:52 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:31 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-26 09:18 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData
2013-12-24 18:18 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg
2013-12-24 18:16 - 2013-12-24 16:41 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 18:16 - 2006-11-02 11:22 - 83886080 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-24 16:39 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-24 16:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-24 16:17 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16::30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-24 16::38 - 00000000 ____D C:\ProgramData\Norton
2013-12-24 15:20 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-23 19:35 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps
2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-22 17::15 - 00000000 ____D C:\Windows\pss
2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data
2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d
2013-12-22 15:27 - 2013-04-28 16: ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer
2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut
2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie
2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7
2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer
2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive
2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft
2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable
2013-12-22 15:27 - 2012-01-02 20: ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster
2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine
2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey
2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox
2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0
2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict
2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape
2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo
2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt
2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter
2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport
2013-12-22 15:27 - 2009-09-23 19: ____D C:\Users\Joerg\AppData\Roaming\EQMOD
2013-12-22 15:27 - 2009-09-04 18: ____D C:\Users\Joerg\AppData\Roaming\Nvu
2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss
2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart
2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype
2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird
2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania
2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games
2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer
2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation
2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie
2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung
2013-12-22 15:27 - 2008-03-11 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Local\TVEnhance
2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580
2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat
2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart
2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey
2013-12-22 15:26 - 2007-10-10 12: ____D C:\Program Files\Adobe
2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix
2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG
2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie
2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik
2013-12-22 10:24 - 2008-03-13 19: ____D C:\Users\Gast
2013-12-21 21::45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old
2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old
2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz
2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter
2013-12-21 15:: ____D C:\Program Files\Windows Resource Kits
2013-12-21 10:: ____D C:\Program Files\Chipcardmaster
2013-12-21 09:45 - 2013-03-27 17: ____D C:\Program Files\AusweisApp
2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp
2013-12-20 18:43 - 2007-10-10 12: ____D C:\ProgramData\Adobe
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:: ____D C:\Windows\ERUNT
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox
2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt
2013-12-17 18::23 - 00000215 _____ C:\Windows\system.ini
2013-12-17 18::23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663
2013-12-17 16::58 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16::30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt
2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun
2013-12-15 18::27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-12-15 17:22 - 2012-06-17 18: _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 17:22 - 2008-04-05 17: ____D C:\Program Files\Google
2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic
2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe
2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle
2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-12 18::41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-09 11:37 - 2013-12-24 16:13 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos
2013-12-08 10::52 - 00000000 ____D C:\Program Files\Astronomie
2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod
2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-06 14:54 - 2011-03-15 19: ____D C:\Program Files\Common Files\Apple
2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb
2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace
2013-12-05 17::23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi
2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi
2013-11-27 15:54 - 2008-04-20 15:17 - 00000000 ____D C:\Users\Carmen\Documents\Eigene Dokumente
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\temp\avgnt.exe
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-27 10:55

==================== End Of Log ============================



Thanks and bye

Jörg

schrauber 28.12.2013 08:27

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

ZeroAccess:
C:\Program Files\Google\Desktop\Install


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Joetra 28.12.2013 09:29

Good day Schrauber,

here is the Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2013 01
Ran by Joerg at 2013-12-28 09:21:40 Run:2
Running from C:\Users\Joerg\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Program Files\Google\Desktop\Install
*****************


"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-28 09:25:23)<=

C:\Program Files\Google\Desktop\Install => Is moved successfully.

==== End of Fixlog ====

One more thing: the folder with the Chinese characters is back on the desktop again after Fixlog.txt was created.

I wish you a nice "rest of the weekend".

Jörg

schrauber 28.12.2013 18:16

Please zip the folder and attach it. And a fresh FRST log, please.

Joetra 28.12.2013 20:51

Good evening,

when "zipping" the folder, a message came up (see the PDF for details). I had to rename the folder ("Ominöser Ordner") so that I could zip it.

Unfortunately, uploading the zipped folder does not work (because it is 0 bytes in size or because I am making a mistake). :confused:

And once again a new FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01
Ran by Joerg (administrator) on DESKTOP on 28-12-2013 20:44:11
Running from C:\Users\Joerg\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Online\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Marek Jasinski - www.FreeCommander.com) C:\Program Files\Util\FreeCommander\FreeCommander.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [RUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [SyncService] - C:\Program Files\SYNCING.NET\bin\SyncService.exe [1730144 2013-08-20] (ASBYTE)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKU\Carmen\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Carmen\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Carmen\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe
HKU\Carmen\...\Policies\system: [LogonHoursAction] 2
HKU\Carmen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Catherine-Sophie\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Catherine-Sophie\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\Catherine-Sophie\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Catherine-Sophie\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Catherine-Sophie\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Catherine-Sophie\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Catherine-Sophie\...\Policies\system: [LogonHoursAction] 2
HKU\Catherine-Sophie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\DEG\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\DEG\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\DEG\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\DEG\...\Policies\system: [LogonHoursAction] 2
HKU\DEG\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dominik\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dominik\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Dominik\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\Dominik\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Dominik\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Dominik\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Dominik\...\Policies\system: [LogonHoursAction] 2
HKU\Dominik\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Gast\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Gast\...\Run: [SyncService] - I:\Program Files\SYNCING.NET\SYNCING.NET\bin\SyncService.exe [ 2009-07-20] (SYNCING.NET Technologies GmbH)
HKU\Gast\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\Gast\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\Gast\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\Gast\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.2)_Gecko/20090729_Firefox/3.5.2_(.NET_CLR_3.5.30729)" -"hxxp://www.nordsee-club24.de/blog/urlaub/kinder-und-jugendreisen/campus-nordsee-gaestehaus.html"
HKU\Gast\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [SyncService] - "C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe" /silent
HKU\UpdatusUser\...\Run: [AusweisApp] - I:\Program Files\AusweisApp\siqBootLoader.exe
HKU\UpdatusUser\...\Run: [ANT Agent] - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe [ 2013-02-15] (GARMIN Corp.)
HKU\UpdatusUser\...\Run: [dualmonitor] - C:\Program Files\Dual Monitor\DualMonitor.exe
HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -  No File
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: AusweisApp 1.8.0.0 - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Program Files\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  No File
Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET\bin\ShellUI.dll [1198176 2013-08-20] (ASBYTE)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{5D24B219-8B75-42F7-B0E3-E3BA710ACB43}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887
FF Homepage: hxxp://www.ighome.com/?t=336956
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - I:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @reiner-sct.com/OWOK,version=2.0.0.4 - C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\Multimedia\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\DeviceDetection@logitech.com
FF Extension: FRITZ!Box AddOn - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\fb_add_on@avm.de
FF Extension: Foxdie - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\Foxdie@tanjihay.com
FF Extension: Foxdie (Graphite) - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\FoxdieGraphite@tanjihay.com
FF Extension: Geolocater - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\geolocater@3liz.com
FF Extension: KeeFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\keefox@chris.tomlinson
FF Extension: Youtube MP3 Podcaster - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com
FF Extension: Forecastfox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Garmin Communicator - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Universal Print - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
FF Extension: Bitdefender QuickScan - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: FireJump - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\firejump@firejump.net.xpi
FF Extension: NASA Night Launch - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\nasanightlaunch@example.com.xpi
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: TweakTube - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
FF Extension: X-notifier - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: AddonFox - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
FF Extension: Adblock Plus - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: DownThemAll! - C:\Users\Joerg\AppData\Roaming\Mozilla\Firefox\Profiles\uocka9x6.default-1385483017887\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF HKLM\...\Firefox\Extensions: [{4F0963A3-1658-4fde-9585-23A25CC288BF}] - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF Extension: AusweisApp - C:\Program Files\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
FF HKCU\...\Firefox\Extensions: [{a3490cb9-8f1a-4bc5-b1a7-6c2bc4b83424}] - C:\Program Files\Show-Password\136.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Online\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultNewTabURL:
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Extension: (Amazon-Icon) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_1
CHR Extension: (Google Wallet) - C:\Users\Joerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [logekkkdbdidmmcgkonmmonclldogceg] - C:\Program Files\Show-Password\136.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joerg\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Joerg\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-08-31] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S4 BotkindSyncService; I:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 CVPND; N:\Program Files\DEG\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
S4 gupdate1c98625899d211c; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-26] (IObit)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251184 2008-07-11] (BUFFALO INC.)
S4 Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S4 PMBDeviceInfoProvider; N:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 Rohos Disk; C:\Program Files\Rohos\agent.exe [813400 2012-08-24] (Tesline-Service SRL)
S4 SN_Service; C:\Program Files\SYNCING.NET\bin\SN_Service.exe [32768 2013-05-03] (ASBYTE)
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-10-11] (TuneUp Software)
S3 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
S3 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1006816 2009-09-24] (NXP Semiconductors Germany GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-02-26] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 camvid20; C:\Windows\System32\DRIVERS\camdrv21.sys [253909 2004-05-19] (Philips Components BU Imaging Solutions)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FNETTHJM; C:\Windows\System32\drivers\fnetthjm.sys [23936 2010-09-07] (FNet Co., Ltd.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-10-15] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-11-24] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [50560 2008-05-27] (Generic USB smartcard reader)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-27] (CACE Technologies)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [77184 2004-03-09] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R2 RHDISK; C:\Program Files\Rohos\RHDISK.SYS [40960 2012-08-23] (Tesline-Service SRL)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80896 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [172032 2012-05-10] (Renesas Electronics Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-01-27] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-01-27] (Silicon Laboratories)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2009-03-09] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [19840 2007-06-15] (Generic)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [27936 2008-07-15] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-03-29] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44416 2008-03-29] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-28] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-07-07] (Texas Instruments)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GigasetGenericUSB; system32\DRIVERS\GigasetGenericUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-28 20:44 - 2013-12-28 20:44 - 00033400 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion
2013-12-28 20:39 - 2013-12-28 20:39 - 00000000 _____ C:\Users\Joerg\Desktop\Ominöser Ordner.zip
2013-12-27 10:52 - 2013-12-27 10:44 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-24 16:41 - 2013-12-24 18:16 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:13 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-24 16:13 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 09:30 - 2013-12-24 16:09 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-20 18:16 - 2009-08-19 22:50 - 00022872 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:53 - 2013-12-19 13:49 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:53 - 2013-12-19 13:48 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2013-12-28 14:25 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-18 17:34 - 2013-12-23 09:44 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:45 - 2013-12-27 11:00 - 00000000 ____D C:\AdwCleaner
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:25 - 2013-12-18 15:24 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 17:49 - 2013-12-22 15:25 - 00000000 ____D C:\ComboFix
2013-12-17 17:34 - 2013-12-17 18:13 - 00000000 ____D C:\Qoobox
2013-12-17 17:30 - 2013-12-17 16:04 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-17 16:17 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 16:17 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 16:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-17 16:17 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-17 16:14 - 2013-12-17 18:11 - 00000000 ____D C:\Windows\erdnt
2013-12-16 16:10 - 2013-12-28 20:44 - 01064037 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-16 16:10 - 2013-12-28 20:44 - 00000000 ____D C:\FRST
2013-12-15 19:28 - 2013-12-27 11:12 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-15 19:14 - 2013-12-15 19:43 - 3133878462 _____ C:\avenger.txt
2013-12-15 17:22 - 2013-12-15 17:22 - 00000000 ____D C:\Users\Joerg\Desktop\Ominöser Ordner
2013-12-15 09:58 - 2013-12-15 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:45 - 2013-12-21 21:01 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-12 19:16 - 2013-12-12 19:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:16 - 2013-12-12 19:15 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-06 14:54 - 2013-12-22 15:26 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-06 14:54 - 2013-12-06 14:55 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-28 20:45 - 2013-12-28 20:44 - 00033400 _____ C:\Users\Joerg\Desktop\FRST.txt
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Users\Joerg\Desktop\FRST-OlderVersion
2013-12-28 20:44 - 2013-12-16 16:10 - 01064037 _____ (Farbar) C:\Users\Joerg\Desktop\FRST.exe
2013-12-28 20:44 - 2013-12-16 16:10 - 00000000 ____D C:\FRST
2013-12-28 20:40 - 2012-12-29 20:47 - 00000000 ____D C:\Users\Joerg\AppData\Local\CrashDumps
2013-12-28 20:39 - 2013-12-28 20:39 - 00000000 _____ C:\Users\Joerg\Desktop\Ominöser Ordner.zip
2013-12-28 20:24 - 2012-06-11 11:42 - 01294266 _____ C:\Windows\WindowsUpdate.log
2013-12-28 14:25 - 2013-12-18 17:51 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-28 14:25 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 14:25 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 14:25 - 2006-11-02 13:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 09:22 - 2006-11-02 14:01 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-27 11:12 - 2013-12-15 19:28 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\QuickScan
2013-12-27 11:00 - 2013-12-18 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-27 10:44 - 2013-12-27 10:52 - 01233962 _____ C:\Users\Joerg\Desktop\adwcleaner.exe
2013-12-26 09:31 - 2008-03-11 19:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Adobe
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Teleskopsteuerung
2013-12-26 09:19 - 2013-12-26 09:19 - 00000000 ____D C:\Users\Joerg\Desktop\Astronomie
2013-12-26 09:18 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\ProductData
2013-12-24 18:18 - 2008-03-11 18:55 - 00000000 ____D C:\Users\Joerg
2013-12-24 18:16 - 2013-12-24 16:41 - 00002480 _____ C:\Windows\logboot_24.12.2013.tureg.log
2013-12-24 18:16 - 2006-11-02 11:22 - 83886080 _____ C:\Windows\system32\config\SOFTWARE_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\SYSTEM_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\COMPONENTS_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT_tureg_old
2013-12-24 18:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\SECURITY_tureg_old
2013-12-24 16:39 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\SAM_tureg_old
2013-12-24 16:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-24 16:17 - 2008-03-11 19:22 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Util
2013-12-24 16:15 - 2013-12-24 16:15 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\ProgramData\Avira
2013-12-24 16:13 - 2013-12-24 16:13 - 00000000 ____D C:\Program Files\Avira
2013-12-24 16:09 - 2013-12-21 09:30 - 00000000 ____D C:\Program Files\Norton Internet Security CBE
2013-12-24 16:09 - 2012-11-25 09:38 - 00000000 ____D C:\ProgramData\Norton
2013-12-23 10:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-23 10:18 - 2006-11-02 11:33 - 01592432 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 09:54 - 2012-06-11 11:39 - 02438576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 09:44 - 2013-12-18 17:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-23 09:42 - 2012-06-10 09:36 - 00142992 _____ C:\Users\Joerg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 09:23 - 2009-05-31 16:17 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\KeePass
2013-12-23 09:23 - 2008-03-14 17:51 - 00000000 ____D C:\Users\Joerg\Documents\Sonstiges
2013-12-23 08:59 - 2013-12-23 08:59 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\CalculatedFieldsPlugin
2013-12-22 17:24 - 2013-12-22 17:24 - 00000031 _____ C:\fcStart.ini
2013-12-22 17:18 - 2013-02-07 19:30 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-12-22 17:01 - 2009-09-05 19:15 - 00000000 ____D C:\Windows\pss
2013-12-22 15:27 - 2013-11-26 16:58 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\IObit
2013-12-22 15:27 - 2013-11-24 17:11 - 00000000 ____D C:\Users\Joerg\Documents\StreamTransport
2013-12-22 15:27 - 2013-09-25 13:20 - 00000000 ____D C:\Users\Joerg\Documents\FotoMorph Data
2013-12-22 15:27 - 2013-07-27 13:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\ContactConversionWizard
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp8409436aa8c8fe2607f46d888894a0a2
2013-12-22 15:27 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp57e798956ff6945e831cb73b3f5ebe6d
2013-12-22 15:27 - 2013-04-28 16:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MyPhoneExplorer
2013-12-22 15:27 - 2013-04-01 08:49 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\mp3DirectCut
2013-12-22 15:27 - 2013-03-10 10:28 - 00000000 ___RD C:\Users\Joerg\Desktop\Fotografie
2013-12-22 15:27 - 2012-08-21 18:41 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoFiltre 7
2013-12-22 15:27 - 2012-06-08 17:55 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\TwonkyServer
2013-12-22 15:27 - 2012-05-21 16:49 - 00000000 ___SD C:\Users\Joerg\Google Drive
2013-12-22 15:27 - 2012-04-17 14:30 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DVDVideoSoft
2013-12-22 15:27 - 2012-02-27 20:10 - 00000000 ____D C:\Users\Joerg\XnViewPortable
2013-12-22 15:27 - 2012-01-02 20:00 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Chipcardmaster
2013-12-22 15:27 - 2011-12-25 11:53 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\SmartLine
2013-12-22 15:27 - 2011-12-05 19:51 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\MediaMonkey
2013-12-22 15:27 - 2011-12-03 11:34 - 00000000 ___RD C:\Users\Joerg\Documents\Dropbox
2013-12-22 15:27 - 2011-05-03 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\gtk-2.0
2013-12-22 15:27 - 2011-05-03 15:20 - 00000000 ____D C:\Users\Joerg\Gpredict
2013-12-22 15:27 - 2011-02-05 21:11 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\PhotoScape
2013-12-22 15:27 - 2010-10-28 09:42 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\DynaGeo
2013-12-22 15:27 - 2010-10-28 09:32 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Notepad++
2013-12-22 15:27 - 2010-09-19 11:16 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Ahnenblatt
2013-12-22 15:27 - 2010-06-21 17:23 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\GeoSetter
2013-12-22 15:27 - 2010-05-29 20:55 - 00000000 ___RD C:\Users\Joerg\Desktop\Sport
2013-12-22 15:27 - 2009-09-23 19:02 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\EQMOD
2013-12-22 15:27 - 2009-09-04 18:01 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Nvu
2013-12-22 15:27 - 2009-08-12 19:33 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\dvdcss
2013-12-22 15:27 - 2009-08-03 08:56 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\vlc
2013-12-22 15:27 - 2009-02-19 14:20 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\skychart
2013-12-22 15:27 - 2008-06-13 18:42 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 15:27 - 2008-05-01 10:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Skype
2013-12-22 15:27 - 2008-04-20 09:29 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Thunderbird
2013-12-22 15:27 - 2008-04-17 18:39 - 00000000 ____D C:\Users\Joerg\Documents\TrackMania
2013-12-22 15:27 - 2008-03-22 14:22 - 00000000 ___RD C:\Users\Joerg\Desktop\Games
2013-12-22 15:27 - 2008-03-14 18:54 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Synchronizer
2013-12-22 15:27 - 2008-03-14 18:38 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Stellarium
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ___SD C:\Users\Joerg\Documents\Meine Shapes
2013-12-22 15:27 - 2008-03-14 17:45 - 00000000 ____D C:\Users\Joerg\Documents\Navigation
2013-12-22 15:27 - 2008-03-14 17:41 - 00000000 ____D C:\Users\Joerg\Documents\MediaShows
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Cartes du Ciel
2013-12-22 15:27 - 2008-03-14 17:40 - 00000000 ____D C:\Users\Joerg\Documents\Astronomie
2013-12-22 15:27 - 2008-03-11 19:23 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
2013-12-22 15:27 - 2008-03-11 19:21 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anwendung
2013-12-22 15:27 - 2008-03-11 18:56 - 00000000 ____D C:\Users\Joerg\AppData\Local\TVEnhance
2013-12-22 15:27 - 2008-03-11 18:55 - 00000000 ___RD C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-22 15:27 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-22 15:27 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system
2013-12-22 15:26 - 2013-12-06 14:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-22 15:26 - 2013-07-06 14:31 - 00000000 ____D C:\Users\Joerg\AppData\Local\Temp4195a7306b30f4fd47dce8db05cd6580
2013-12-22 15:26 - 2012-04-17 14:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 15:26 - 2010-10-29 21:53 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 15:26 - 2010-10-29 20:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-22 15:26 - 2010-02-13 10:44 - 00000000 ____D C:\Users\Joerg\.jskat
2013-12-22 15:26 - 2009-08-30 09:41 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-12-22 15:26 - 2009-02-19 14:25 - 00000000 ____D C:\Users\Joerg\AppData\Local\Skychart
2013-12-22 15:26 - 2008-04-26 09:14 - 00000000 ____D C:\Users\Joerg\AppData\Local\MediaMonkey
2013-12-22 15:26 - 2007-10-10 12:05 - 00000000 ____D C:\Program Files\Adobe
2013-12-22 15:25 - 2013-12-17 17:49 - 00000000 ____D C:\ComboFix
2013-12-22 15:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-12-22 10:43 - 2006-11-02 11:22 - 83099648 _____ C:\Windows\system32\config\software_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00319488 _____ C:\Windows\system32\config\default_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam_previous
2013-12-22 10:43 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security_previous
2013-12-22 10:24 - 2012-09-03 15:56 - 00000000 ____D C:\Users\DEG
2013-12-22 10:24 - 2010-11-10 16:29 - 00000000 ____D C:\Users\Catherine-Sophie
2013-12-22 10:24 - 2008-04-20 10:13 - 00000000 ____D C:\Users\Dominik
2013-12-22 10:24 - 2008-03-13 19:00 - 00000000 ____D C:\Users\Gast
2013-12-21 21:01 - 2013-12-15 09:45 - 00000392 ____H C:\Windows\Tasks\User_Feed_Synchronization-{792C0784-4E0D-417A-B5F3-2D5B5D6A4312}.job
2013-12-21 20:16 - 2006-11-02 11:22 - 83361792 _____ C:\Windows\system32\config\software.old
2013-12-21 20:16 - 2006-11-02 11:22 - 53739520 _____ C:\Windows\system32\config\system.old
2013-12-21 20:16 - 2006-11-02 11:22 - 36438016 _____ C:\Windows\system32\config\components.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00204800 _____ C:\Windows\system32\config\sam.old
2013-12-21 20:16 - 2006-11-02 11:22 - 00028672 _____ C:\Windows\system32\config\security.old
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Macromedia
2013-12-21 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 16:45 - 2013-10-09 09:49 - 00000000 ____D C:\Users\Carmen\AppData\Roaming\JFritz
2013-12-21 16:40 - 2008-03-21 20:28 - 00142992 _____ C:\Users\Carmen\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 15:17 - 2010-05-22 16:49 - 00000000 ____D C:\Users\Joerg\AppData\Local\FixItCenter
2013-12-21 15:03 - 2013-12-21 15:03 - 00000000 ____D C:\Program Files\Windows Resource Kits
2013-12-21 10:08 - 2012-01-02 20:00 - 00000000 ____D C:\Program Files\Chipcardmaster
2013-12-21 09:45 - 2013-03-27 17:03 - 00000000 ____D C:\Program Files\AusweisApp
2013-12-21 09:41 - 2012-02-21 16:36 - 00000000 ____D C:\Users\Joerg\.ausweisapp
2013-12-20 18:43 - 2007-10-10 12:06 - 00000000 ____D C:\ProgramData\Adobe
2013-12-19 20:27 - 2013-12-19 20:27 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-19 13:49 - 2013-12-19 13:53 - 00891200 _____ C:\Users\Joerg\Desktop\SecurityCheck.exe
2013-12-19 13:48 - 2013-12-19 13:53 - 02347384 _____ (ESET) C:\Users\Joerg\Desktop\esetsmartinstaller_enu.exe
2013-12-18 17:51 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-18 17:45 - 2006-11-02 11:23 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_676
2013-12-18 17:34 - 2013-12-18 17:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-12-18 17:32 - 2013-12-18 17:32 - 00000000 ____D C:\RegBackup
2013-12-18 16:00 - 2013-12-18 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-12-18 15:26 - 2013-12-18 15:26 - 00000618 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:24 - 2013-12-18 15:25 - 01034531 _____ (Thisisu) C:\Users\Joerg\Desktop\JRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00027224 _____ C:\ComboFix.txt
2013-12-17 18:13 - 2013-12-17 17:34 - 00000000 ____D C:\Qoobox
2013-12-17 18:11 - 2013-12-17 16:14 - 00000000 ____D C:\Windows\erdnt
2013-12-17 18:07 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-17 18:07 - 2006-11-02 11:23 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_663
2013-12-17 16:05 - 2013-11-26 16:58 - 00000000 ____D C:\ProgramData\IObit
2013-12-17 16:04 - 2013-12-17 17:30 - 05155004 ____R (Swearware) C:\Users\Joerg\Desktop\ComboFix.exe
2013-12-15 19:43 - 2013-12-15 19:14 - 3133878462 _____ C:\avenger.txt
2013-12-15 19:14 - 2011-01-26 19:37 - 00000000 ____D C:\Windows\Sun
2013-12-15 18:05 - 2012-09-20 13:27 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-12-15 17:22 - 2013-12-15 17:22 - 00000000 ____D C:\Users\Joerg\Desktop\Ominöser Ordner
2013-12-15 17:22 - 2012-06-17 18:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-15 17:22 - 2011-06-23 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-15 17:22 - 2008-04-05 17:05 - 00000000 ____D C:\Program Files\Google
2013-12-15 10:57 - 2013-12-15 09:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-15 09:32 - 2010-05-28 19:30 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2013-12-13 20:20 - 2009-09-06 21:26 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Media Player Classic
2013-12-13 19:22 - 2008-04-23 18:40 - 00050688 _____ C:\Users\Joerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 19:32 - 2008-03-12 20:38 - 00000000 ____D C:\Users\Joerg\AppData\Local\Adobe
2013-12-12 19:17 - 2013-10-04 19:25 - 00000000 ____D C:\ProgramData\Oracle
2013-12-12 19:15 - 2013-12-12 19:16 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-12 19:15 - 2013-12-12 19:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-12 18:01 - 2012-07-10 08:41 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2013-12-12 17:49 - 2012-10-10 17:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 17:47 - 2007-10-10 11:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:44 - 2013-07-23 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 17:40 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-09 11:37 - 2013-12-24 16:13 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2013-12-24 16:13 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-12-08 15:24 - 2012-11-18 18:24 - 00000000 ____D C:\Users\Joerg\AppData\Local\Rohos
2013-12-08 10:07 - 2008-03-12 18:52 - 00000000 ____D C:\Program Files\Astronomie
2013-12-08 09:56 - 2008-05-01 10:20 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 17:24 - 2013-11-26 16:58 - 00001166 _____ C:\Users\Joerg\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-06 14:55 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 14:54 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files\iPod
2013-12-06 14:54 - 2011-03-15 19:14 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-06 14:54 - 2011-03-15 19:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-05 19:23 - 2011-08-23 17:37 - 00002629 _____ C:\Users\Joerg\BT747SettingsJ2SE.pdb
2013-12-05 17:31 - 2011-08-22 12:27 - 00000000 ____D C:\Users\Joerg\Documents\ezTour_Workspace
2013-12-05 17:00 - 2007-10-09 15:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-04 18:23 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Local\Eye-Fi
2013-12-04 18:10 - 2011-10-03 14:52 - 00000000 ____D C:\Users\Joerg\AppData\Roaming\Eye-Fi

Some content of TEMP:
====================
C:\Users\Joerg\AppData\Local\temp\avgnt.exe
C:\Users\Joerg\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-28 14:31

==================== End Of Log ============================

--- --- ---


Thanks and see you soon.

Jörg

schrauber 29.12.2013 12:43

You've already deleted the folder once via Linux? Please do it again, and this folder too:

C:\Program Files\Google\Desktop\Install

