
Pests of all kinds and how to combat them: Error message at Windows startup: RunDll module not found

05.03.2014, 12:48   #1
mamabear

Hello,
for a short while now the following has been appearing when I start Windows:
Probleme beim Starten von
C:\Program File (x86)\ Surf_Canyon\TBUpdater.dll
Das Angegeben Modul wurde nicht gefunden.
I ran Norton Antivirus; it found nothing.
Spybot found something and it was removed, but the message still comes up.

05.03.2014, 14:33   #2
M-K-D-B
/// TB instructor


My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • If you do not reply to me within 4 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


05.03.2014, 15:47   #3
mamabear

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by Bears (administrator) on BEARS-PC on 05-03-2014 16:42:39
Running from C:\Users\Bears\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Download.am\download.am.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COLDWELL AG) C:\Users\Bears\AppData\Local\Temp\~nsu.tmp\Au_.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Download.am] - C:\Program Files (x86)\Download.am\download.am.exe [143872 2013-11-26] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Runonce: [removeiMeshdatamngr] - cmd.exe /c RD /S /Q "C:\Program Files (x86)\Music Toolbar" [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-02] (Google Inc.)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\MountPoints2: {9f00e14f-358b-11e3-ab2d-dc0ea183af74} - E:\Startme.exe
AppInit_DLLs: c:\progra~2\musict~1\datamngr\x64\mgrldr.dll => c:\progra~2\musict~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll => "c:\progra~2\musict~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1487&v=n11551-277&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393490916&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXH1CB1R0110R0110&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n11551-277&apn_uid=5089400521264875&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n11551-277&apn_uid=5089400521264875&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=TJ&userid=b94ebb61-fb9b-2eef-9ad7-49a4f887bb6d&searchtype=ds&q={searchTerms}&installDate=28/10/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A64FDA2-09DB-405A-B080-ED08F4992254&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE547
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n11551-277&apn_uid=5089400521264875&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=b94ebb61-fb9b-2eef-9ad7-49a4f887bb6d&searchtype=ds&q={searchTerms}&installDate=28/10/2013
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1487&v=n11551-277&t=4
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1487&systemid=1&v=n11551-277&apn_uid=5089400521264875&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [bmfahkhfjbaengbjmokfjcipjjcncncm] - C:\Program Files (x86)\Surf_Canyon\chrome\Surf_Canyon.crx [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-02]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-02]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-10-30] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140303.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140304.032\ENG64.SYS [126040 2014-02-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140304.032\EX64.SYS [2099288 2014-02-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 16:40 - 2014-03-05 16:42 - 00019398 _____ () C:\Users\Bears\Downloads\FRST.txt
2014-03-05 16:38 - 2014-03-05 16:42 - 00030847 _____ () C:\Users\Bears\Downloads\Addition.txt
2014-03-05 16:35 - 2014-03-05 16:42 - 00000000 ____D () C:\FRST
2014-03-05 16:31 - 2014-03-05 16:31 - 02157056 _____ (Farbar) C:\Users\Bears\Downloads\FRST64.exe
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-03-05 16:24 - 2014-03-05 16:24 - 00000000 ____D () C:\Program Files (x86)\Music Toolbar
2014-03-01 08:26 - 2014-03-01 08:25 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-03-01 08:05 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-01 08:05 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-01 06:59 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-01 06:58 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-03-01 06:58 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-01 06:58 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-03-01 06:58 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-03-01 06:58 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-03-01 06:58 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-03-01 06:55 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-03-01 06:55 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-02-28 13:06 - 2014-03-05 13:20 - 00000616 _____ () C:\windows\setupact.log
2014-02-28 13:06 - 2014-02-28 13:06 - 00023666 _____ () C:\windows\PFRO.log
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 12:49 - 2014-02-27 12:50 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-02-27 12:49 - 2014-02-27 12:49 - 00003164 _____ () C:\windows\System32\Tasks\APSnotifierCA
2014-02-27 11:04 - 2014-03-05 16:34 - 00000282 _____ () C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job
2014-02-27 11:04 - 2014-02-27 11:04 - 00003250 _____ () C:\windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}
2014-02-27 11:03 - 2014-02-27 11:03 - 00000045 _____ () C:\user.js
2014-02-27 11:02 - 2014-02-27 11:02 - 00000000 ____D () C:\Users\Bears\Documents\PC Speed Maximizer
2014-02-27 10:56 - 2014-02-24 15:30 - 01122472 _____ (AnyProtect.com) C:\Users\Bears\AppData\Local\AnyProtectScannerSetup.exe
2014-02-27 10:06 - 2014-02-28 13:02 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\SupTab
2014-02-27 10:06 - 2014-02-28 13:02 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-27 10:00 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\awesomehp
2014-02-27 09:56 - 2014-02-27 09:56 - 00000000 ____D () C:\Users\Bears\.android
2014-02-27 09:55 - 2014-02-27 10:06 - 00000000 ____D () C:\Users\Bears\AppData\Local\cache
2014-02-27 09:54 - 2014-02-28 13:02 - 00000000 ____D () C:\Users\Bears\AppData\Local\genienext
2014-02-27 09:53 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Bears\AppData\Local\Mobogenie
2014-02-27 09:53 - 2014-02-27 09:53 - 00000000 ____D () C:\Users\Bears\Documents\Mobogenie
2014-02-27 09:53 - 2014-02-27 09:53 - 00000000 _____ () C:\Users\Bears\daemonprocess.txt
2014-02-27 09:38 - 2014-02-27 09:38 - 00000000 _____ () C:\END
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 12:38 - 2014-02-26 12:41 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-26 09:31 - 2013-09-16 18:51 - 00447822 _____ () C:\windows\system32\Drivers\etc\hosts.20140226-093111.backup
2014-02-24 10:50 - 2014-02-24 10:51 - 00001089 _____ () C:\windows\wininit.ini
2014-02-24 09:47 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_ID4BHJE.DLL
2014-02-24 09:47 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-02-21 11:53 - 2014-02-27 13:12 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-19 21:19 - 2014-02-19 21:22 - 00000000 ____D () C:\Program Files\iTunes
2014-02-13 07:03 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 07:03 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 06:58 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 06:58 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 06:58 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 06:58 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 06:58 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 06:58 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 06:58 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 06:57 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 06:57 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 06:57 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 06:57 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 06:57 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 06:57 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 06:57 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 06:57 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 06:57 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 06:57 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 06:57 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 06:57 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 06:57 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 06:57 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 06:57 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 06:57 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-12 10:17 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 10:17 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 10:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 10:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 10:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 10:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 10:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 07:24 - 2014-02-10 07:25 - 00000000 ____D () C:\Users\Bears\Downloads\Die.Eiskoenigin.Voellig.Unverfroren.2013.German.DVDSCR.MD.XviD-TOD

==================== One Month Modified Files and Folders =======

2014-03-05 16:42 - 2014-03-05 16:40 - 00019398 _____ () C:\Users\Bears\Downloads\FRST.txt
2014-03-05 16:42 - 2014-03-05 16:38 - 00030847 _____ () C:\Users\Bears\Downloads\Addition.txt
2014-03-05 16:42 - 2014-03-05 16:35 - 00000000 ____D () C:\FRST
2014-03-05 16:35 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 16:35 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 16:34 - 2014-02-27 11:04 - 00000282 _____ () C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job
2014-03-05 16:31 - 2014-03-05 16:31 - 02157056 _____ (Farbar) C:\Users\Bears\Downloads\FRST64.exe
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-03-05 16:24 - 2014-03-05 16:24 - 00000000 ____D () C:\Program Files (x86)\Music Toolbar
2014-03-05 16:19 - 2012-02-20 18:08 - 00002387 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-05 16:19 - 2012-02-20 18:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 16:19 - 2012-02-20 08:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-03-05 16:19 - 2012-02-20 08:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-03-05 16:19 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-05 16:18 - 2013-10-30 06:24 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-03-05 16:18 - 2012-02-20 16:59 - 01773587 _____ () C:\windows\WindowsUpdate.log
2014-03-05 16:16 - 2012-02-20 17:57 - 01120632 _____ () C:\FaceProv.log
2014-03-05 16:16 - 2012-02-20 17:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-05 16:12 - 2013-07-31 18:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 13:22 - 2014-01-14 19:51 - 00000000 ____D () C:\Users\Bears\AppData\Local\download.am-data
2014-03-05 13:21 - 2012-02-20 18:10 - 00125651 _____ () C:\windows\system32\fastboot.set
2014-03-05 13:21 - 2012-02-20 18:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 13:20 - 2014-02-28 13:06 - 00000616 _____ () C:\windows\setupact.log
2014-03-05 13:20 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-04 20:51 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-01 08:26 - 2013-08-30 08:34 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-01 08:25 - 2014-03-01 08:26 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-28 13:38 - 2013-07-23 20:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-02-28 13:06 - 2014-02-28 13:06 - 00023666 _____ () C:\windows\PFRO.log
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-28 13:02 - 2014-02-27 10:06 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\SupTab
2014-02-28 13:02 - 2014-02-27 10:06 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-28 13:02 - 2014-02-27 09:54 - 00000000 ____D () C:\Users\Bears\AppData\Local\genienext
2014-02-28 13:02 - 2013-11-22 13:41 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\Surf_Canyon
2014-02-28 13:02 - 2013-10-30 06:24 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\Omiga Plus
2014-02-27 13:24 - 2013-10-11 12:34 - 00000000 ____D () C:\Users\Bears\AppData\Local\CrashDumps
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 13:13 - 2013-07-23 20:43 - 00001425 _____ () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-27 13:12 - 2014-02-21 11:53 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 13:02 - 2013-07-23 20:43 - 00000000 ___RD () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 12:53 - 2014-02-27 10:00 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\awesomehp
2014-02-27 12:53 - 2014-02-27 09:53 - 00000000 ____D () C:\Users\Bears\AppData\Local\Mobogenie
2014-02-27 12:52 - 2013-10-28 18:19 - 00002296 _____ () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 12:50 - 2014-02-27 12:49 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-02-27 12:49 - 2014-02-27 12:49 - 00003164 _____ () C:\windows\System32\Tasks\APSnotifierCA
2014-02-27 11:04 - 2014-02-27 11:04 - 00003250 _____ () C:\windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}
2014-02-27 11:03 - 2014-02-27 11:03 - 00000045 _____ () C:\user.js
2014-02-27 11:02 - 2014-02-27 11:02 - 00000000 ____D () C:\Users\Bears\Documents\PC Speed Maximizer
2014-02-27 10:06 - 2014-02-27 09:55 - 00000000 ____D () C:\Users\Bears\AppData\Local\cache
2014-02-27 09:56 - 2014-02-27 09:56 - 00000000 ____D () C:\Users\Bears\.android
2014-02-27 09:56 - 2013-07-23 20:39 - 00000000 ____D () C:\Users\Bears
2014-02-27 09:53 - 2014-02-27 09:53 - 00000000 ____D () C:\Users\Bears\Documents\Mobogenie
2014-02-27 09:53 - 2014-02-27 09:53 - 00000000 _____ () C:\Users\Bears\daemonprocess.txt
2014-02-27 09:38 - 2014-02-27 09:38 - 00000000 _____ () C:\END
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 13:17 - 2013-07-25 11:52 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-02-26 12:41 - 2014-02-26 12:38 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 10:25 - 2013-07-23 20:51 - 00000000 ___RD () C:\Users\Bears\Desktop\Unterhaltung
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-24 15:30 - 2014-02-27 10:56 - 01122472 _____ (AnyProtect.com) C:\Users\Bears\AppData\Local\AnyProtectScannerSetup.exe
2014-02-24 10:51 - 2014-02-24 10:50 - 00001089 _____ () C:\windows\wininit.ini
2014-02-23 12:42 - 2013-07-31 18:20 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 12:40 - 2013-07-31 18:20 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 12:40 - 2013-07-31 18:20 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:53 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-02-21 11:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-02-19 21:22 - 2014-02-19 21:19 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-19 21:19 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files\iPod
2014-02-19 20:34 - 2013-09-17 13:37 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 13:35 - 2013-08-11 08:46 - 00000000 ____D () C:\windows\system32\MRT
2014-02-17 13:25 - 2013-08-02 11:18 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 07:14 - 2012-02-20 18:08 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 07:14 - 2012-02-20 18:08 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 07:20 - 2013-12-09 19:11 - 01594964 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-12 10:34 - 2012-02-20 17:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-10 07:25 - 2014-02-10 07:24 - 00000000 ____D () C:\Users\Bears\Downloads\Die.Eiskoenigin.Voellig.Unverfroren.2013.German.DVDSCR.MD.XviD-TOD
2014-02-06 13:16 - 2014-02-13 06:57 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 06:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 06:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 06:57 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 06:57 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 06:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 06:58 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 06:58 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 06:58 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 06:57 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 06:57 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 06:57 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 06:57 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 06:58 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 06:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 06:58 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 06:57 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 06:57 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 06:57 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 06:58 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 10:57 - 2014-02-13 06:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 10:52 - 2014-02-13 06:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 06:57 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 06:57 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 06:58 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 06:57 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 06:57 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 06:58 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 06:57 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 06:57 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 06:57 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 06:58 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 06:57 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 06:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 06:57 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 06:57 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 06:57 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 06:57 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 06:57 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-04 09:03 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Bears\AppData\Local\Temp\pcspeedmaxsetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2011-02-22 12:19

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by Bears at 2014-03-05 16:43:41
Running from C:\Users\Bears\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download.am (HKLM-x32\...\Download.am) (Version:  - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Snap.Do (HKLM-x32\...\{9EA32328-5070-4EBC-A42D-460FD15E1424}) (Version: 1.138.1.12259 - ReSoft Ltd.) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Restore Points  =========================

13-02-2014 14:58:18 Windows Update
17-02-2014 12:23:02 Windows Update
24-02-2014 08:48:12 Gerätetreiber-Paketinstallation: EPSON Drucker
27-02-2014 12:50:41 S
27-02-2014 12:59:16 S
01-03-2014 05:55:41 Windows Update
02-03-2014 05:12:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-16 18:51 - 00447822 ____N C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {128628B2-1BC3-48E4-8BFF-664219D3F968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {245CF997-ABC2-4B3D-8398-EDC9CAD04143} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {29D16331-2C2F-4500-9F3E-1F7B465B5864} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll",TBCheckForUpdate
Task: {3061847A-6752-4612-8115-98A21449B4ED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {466A78EB-D757-4860-9959-BB756AC66A62} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {61966F8D-4008-4F21-9608-9F821B0E2CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {67C94D98-EBD7-4322-93FD-244290623ACF} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {703BE289-BDD7-41B4-9C10-558D29BDC134} - System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} => C:\Program Files\V-bates\PrefHelper.exe
Task: {786AFD2C-75AA-493E-B7F6-8F13837C0A5E} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {B33B5BF0-B424-4D26-903C-49D881272E80} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B464ECCD-F301-4ABD-B852-1AD5BC9D7A7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe <==== ATTENTION
Task: {E5769D52-567C-4642-BD19-C3AF3E3C42BA} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {F8CAA2D3-76A1-462E-9AF3-A885D9F40B35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 06:59 - 2011-08-10 06:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-26 23:00 - 2013-11-26 23:00 - 00143872 _____ () C:\Program Files (x86)\Download.am\download.am.exe
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 07:02 - 2011-08-10 07:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-10 06:59 - 2011-08-10 06:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2013-10-30 06:24 - 2013-10-30 06:24 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-12 07:44 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-09-16 18:37 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 18:37 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-31 10:14 - 2013-12-31 10:14 - 00057856 _____ () C:\Users\Bears\AppData\Local\Temp\nss4EC0.tmp\~nsd7DA1.tmp
2014-03-05 16:19 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 01:21:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 08:50:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 01:07:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 01:50:00 PM) (Source: Application Hang) (User: )
Description: Programm opera.exe, Version 19.0.1326.63 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: be8

Startzeit: 01cf36dbe3b13c24

Endzeit: 1199

Anwendungspfad: C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe

Berichts-ID: 21c98e04-a2d2-11e3-b313-dc0ea183af74

Error: (03/03/2014 01:23:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 01:47:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 06:07:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 09:11:45 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4e425677
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x670
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (03/01/2014 08:13:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 06:54:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2014 04:25:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Datamngr Coordinator" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/05/2014 04:19:35 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/05/2014 04:11:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MMCSS erreicht.

Error: (03/05/2014 03:09:15 PM) (Source: Microsoft-Windows-Application-Experience) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (03/05/2014 01:25:01 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/05/2014 01:22:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/05/2014 01:22:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (03/05/2014 01:21:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/05/2014 01:21:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.

Error: (03/05/2014 01:21:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (03/05/2014 01:21:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 08:50:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 01:07:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 01:50:00 PM) (Source: Application Hang)(User: )
Description: opera.exe19.0.1326.63be801cf36dbe3b13c241199C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe21c98e04-a2d2-11e3-b313-dc0ea183af74

Error: (03/03/2014 01:23:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 01:47:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 06:07:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 09:11:45 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.04e425677ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e467001cf35822a08257cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\windows\SYSTEM32\ntdll.dllb600296e-a17d-11e3-93ab-dc0ea183af74

Error: (03/01/2014 08:13:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2014 06:54:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 1642.9 MB
Available physical RAM: 499.91 MB
Total Pagefile: 4602.4 MB
Available Pagefile: 2914.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:174.58 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD22277B)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

05.03.2014, 15:51   #4
M-K-D-B
/// TB-Ausbilder

Error message at Windows startup: RunDll module not found



Hi,


you have a lot of unwanted software (adware) on your computer. We'll take care of it and start like this:





Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 3
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 4
Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they can affect the result.
  • Start zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and should not be applied 1:1 to other computers.
  • Copy the text of the following box into zoek's script window:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is finished, a log file will open (possibly only after a restart). The log can also still be found under c:
  • Please post the ZOEK log (in CODE tags if possible; click the # symbol in the reply window)





Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the MBAM log file,
  • the Zoek log file.
__________________
Greetings from Bavaria
M-K-D-B


05.03.2014, 19:01   #5
mamabear

Error message at Windows startup: RunDll module not found



AdwCleaner Logfile:
Code:
# AdwCleaner v3.020 - Bericht erstellt am 05/03/2014 um 17:29:37
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bears - BEARS-PC
# Gestartet von : C:\Users\Bears\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : winzipersvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\Music Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Omiga Plus
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Users\Bears\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Bears\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Bears\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\337
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\Surf_Canyon
Ordner Gelöscht : C:\Users\Bears\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Bears\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Bears\Documents\PC Speed Maximizer
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\windows\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\windows\System32\Tasks\Omiga Plus RunAsStdUser
Datei Gelöscht : C:\windows\System32\Tasks\ProtectedSearch

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4480AD00-E608-4D22-A592-751680DF3262}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4480AD00-E608-4D22-A592-751680DF3262}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\Surf_Canyon
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\omigaplusSvc
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\musict~1\datamngr\mgrldr.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\musict~1\datamngr\x64\mgrldr.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15039 octets] - [05/03/2014 17:28:06]
AdwCleaner[S0].txt - [12913 octets] - [05/03/2014 17:29:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12974 octets] ##########
         
--- --- ---


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bears on 05.03.2014 at 17:56:36,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Bears\appdata\local\{3362070C-383D-4553-B59A-3077224B44CB}
Successfully deleted: [Empty Folder] C:\Users\Bears\appdata\local\{38F5D75F-752B-46EE-9AF8-AB9E57FFB08C}
Successfully deleted: [Empty Folder] C:\Users\Bears\appdata\local\{6248A544-9603-406B-BDF6-35535678141D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2014 at 18:14:50,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Bears :: BEARS-PC [Administrator]

05.03.2014 18:28:11
mbam-log-2014-03-05 (18-28-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212011
Laufzeit: 7 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$RECYCLE.BIN\S-1-5-21-1415361469-2693387662-4033486994-1002\$R0UAC9S.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Bears on 05.03.2014 at 18:45:34,69.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bears\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

05.03.2014 19:12:47 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~3\OneKey Recovery deleted
C:\Users\Bears\daemonprocess.txt deleted
C:\Users\Bears\.android deleted
C:\PROGRA~2\GUT31A2.tmp deleted
C:\PROGRA~2\GUM3182.tmp deleted
C:\Program Files\Uninstaller deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Bears\AppData\Local\cache deleted
C:\windows\SysNative\Tasks\Browser Updater deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\tasks\ProtectedSearch deleted
C:\windows\SysNative\tasks\APSnotifierCA deleted
C:\windows\tasks\APSnotifierCA.job deleted
C:\user.js deleted
C:\windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Users\Bears\AppData\Local\AnyProtectScannerSetup.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF" [11.10.2013 12:16]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bmfahkhfjbaengbjmokfjcipjjcncncm - C:\Program Files (x86)\Surf_Canyon\chrome\Surf_Canyon.crx[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[30.01.2014 18:24]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx[]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://www.google.com/search?q=%s"
"Default"="hxxp://www.google.com"
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385123991366&tguid=75087-8679-1385123991366-5B53B2FADE3D86AA1C831F48F0A09F11&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com/"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com/"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmfahkhfjbaengbjmokfjcipjjcncncm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EA32328-5070-4EBC-A42D-460FD15E1424} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\82323AE90705CBE44AD264F01DE54142 deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=85 folders=16 109136481 bytes)

==== Empty Temp Folders ======================

C:\Users\Bears\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Bears\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 05.03.2014 at 19:46:25,43 ======================
         


06.03.2014, 16:08   #6
M-K-D-B
/// TB-Ausbilder

Hello,

We will track down the last remnants so that we can remove them later:


Step 1
Control scan with FRST
Run a scan with FRST as described before.
To do so, tick the Addition.txt checkbox at the bottom right and click Scan.
Two log files will be created. Post them for me.


Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *WinZipper*
    *Music Toolbar*
    *Mobogenie*
    *awesomehp*
    *Surf_Canyon*
    
    :folderfind
    *WinZipper*
    *Music Toolbar*
    *Mobogenie*
    *awesomehp*
    *Surf_Canyon*
    
    :regfind
    WinZipper
    Music Toolbar
    Mobogenie
    awesomehp
    Surf_Canyon
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.


Are there still any problems with malware? If so, which ones?
How is the computer running at the moment?


With your next reply, please post
  • the two FRST log files,
  • the SystemLook log file,
  • the answers to the questions asked.

08.03.2014, 20:20   #7
mamabear

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by Bears at 2014-03-08 21:16:10
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download.am (HKLM-x32\...\Download.am) (Version:  - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Opera Stable 20.0.1387.64 (HKLM-x32\...\Opera 20.0.1387.64) (Version: 20.0.1387.64 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)

==================== Restore Points  =========================

17-02-2014 12:23:02 Windows Update
24-02-2014 08:48:12 Gerätetreiber-Paketinstallation: EPSON Drucker
27-02-2014 12:50:41 S
27-02-2014 12:59:16 S
01-03-2014 05:55:41 Windows Update
02-03-2014 05:12:34 Windows Update
05-03-2014 18:12:05 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-16 18:51 - 00447822 ____N C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {128628B2-1BC3-48E4-8BFF-664219D3F968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {245CF997-ABC2-4B3D-8398-EDC9CAD04143} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {29D16331-2C2F-4500-9F3E-1F7B465B5864} - \Browser Updater\Browser Updater No Task File
Task: {3061847A-6752-4612-8115-98A21449B4ED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {466A78EB-D757-4860-9959-BB756AC66A62} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {61966F8D-4008-4F21-9608-9F821B0E2CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {703BE289-BDD7-41B4-9C10-558D29BDC134} - System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} => C:\Program Files\V-bates\PrefHelper.exe
Task: {786AFD2C-75AA-493E-B7F6-8F13837C0A5E} - \Desk 365 RunAsStdUser No Task File
Task: {B33B5BF0-B424-4D26-903C-49D881272E80} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B464ECCD-F301-4ABD-B852-1AD5BC9D7A7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} - \ProtectedSearch\Protected Search No Task File
Task: {E5769D52-567C-4642-BD19-C3AF3E3C42BA} - \Omiga Plus RunAsStdUser No Task File
Task: {F8CAA2D3-76A1-462E-9AF3-A885D9F40B35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 06:59 - 2011-08-10 06:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-26 23:00 - 2013-11-26 23:00 - 00143872 _____ () C:\Program Files (x86)\Download.am\download.am.exe
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 06:59 - 2011-08-10 06:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-08-10 07:02 - 2011-08-10 07:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-09-16 18:37 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 18:37 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-12 07:44 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-05 16:19 - 2014-03-02 03:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
2013-09-16 18:37 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 07:14:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2014 01:09:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:00:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4e425677
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x638
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3

Error: (03/05/2014 07:45:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 06:40:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 09:11:58 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 07:17:46 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (03/08/2014 07:15:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/08/2014 07:15:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office Sessions:
=========================
Error: (03/08/2014 07:14:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2014 01:09:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 09:00:57 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.04e425677ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e463801cf38a2eef0e38fC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\windows\SYSTEM32\ntdll.dlldd3540ef-a4a0-11e3-94c1-dc0ea183af74

Error: (03/05/2014 07:45:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 06:40:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 90%
Total physical RAM: 1642.9 MB
Available physical RAM: 156.6 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 515.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:176.43 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD22277B)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Bears (administrator) on BEARS-PC on 08-03-2014 21:12:41
Running from C:\Users\Bears\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Download.am\download.am.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Download.am] - C:\Program Files (x86)\Download.am\download.am.exe [143872 2013-11-26] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-02] (Google Inc.)
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\MountPoints2: {9f00e14f-358b-11e3-ab2d-dc0ea183af74} - E:\Startme.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (YouTube) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05]
CHR Extension: (Google-Suche) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-02]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140307.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140307.023\ENG64.SYS [126040 2014-02-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140307.023\EX64.SYS [2099288 2014-02-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 21:14 - 2014-03-08 21:14 - 00165376 _____ () C:\Users\Bears\Downloads\SystemLook_x64.exe
2014-03-08 21:12 - 2014-03-08 21:14 - 00015802 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-03-08 21:12 - 2014-03-08 21:12 - 00000000 ____D () C:\Users\Bears\Desktop\FRST-OlderVersion
2014-03-08 19:52 - 2014-03-08 20:05 - 119022672 _____ () C:\Users\Bears\Downloads\KP_PDE_UMHQ.zip
2014-03-06 14:35 - 2014-03-06 14:36 - 15079274 _____ () C:\Users\Bears\Downloads\251Cole.rar
2014-03-05 19:38 - 2014-03-05 18:45 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-05 19:12 - 2014-03-05 19:46 - 00017068 _____ () C:\zoek-results.log
2014-03-05 18:45 - 2014-03-05 19:33 - 00000000 ____D () C:\zoek_backup
2014-03-05 18:17 - 2014-03-05 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 18:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-05 18:16 - 2014-03-05 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bears\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 17:56 - 2014-03-05 17:56 - 00000000 ____D () C:\windows\ERUNT
2014-03-05 17:28 - 2014-03-05 17:30 - 00000000 ____D () C:\AdwCleaner
2014-03-05 16:40 - 2014-03-05 16:44 - 00046595 _____ () C:\Users\Bears\Downloads\FRST.txt
2014-03-05 16:38 - 2014-03-05 16:44 - 00030755 _____ () C:\Users\Bears\Downloads\Addition.txt
2014-03-05 16:35 - 2014-03-08 21:12 - 00000000 ____D () C:\FRST
2014-03-05 16:31 - 2014-03-08 21:12 - 02156544 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-03-01 08:05 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-01 08:05 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-01 06:59 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-01 06:58 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-03-01 06:58 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-01 06:58 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-03-01 06:58 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-03-01 06:58 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-03-01 06:58 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-03-01 06:55 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-03-01 06:55 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-02-28 13:06 - 2014-03-08 19:13 - 00000896 _____ () C:\windows\setupact.log
2014-02-28 13:06 - 2014-03-05 19:44 - 00027712 _____ () C:\windows\PFRO.log
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 11:04 - 2014-03-08 21:11 - 00000282 _____ () C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job
2014-02-27 11:04 - 2014-02-27 11:04 - 00003250 _____ () C:\windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 12:38 - 2014-02-26 12:41 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-26 09:31 - 2013-09-16 18:51 - 00447822 _____ () C:\windows\system32\Drivers\etc\hosts.20140226-093111.backup
2014-02-24 09:47 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_ID4BHJE.DLL
2014-02-24 09:47 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-02-21 11:53 - 2014-02-27 13:12 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-19 21:19 - 2014-02-19 21:22 - 00000000 ____D () C:\Program Files\iTunes
2014-02-13 07:03 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 07:03 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 06:58 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 06:58 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 06:58 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 06:58 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 06:58 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 06:58 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 06:58 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 06:57 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 06:57 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 06:57 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 06:57 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 06:57 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 06:57 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 06:57 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 06:57 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 06:57 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 06:57 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 06:57 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 06:57 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 06:57 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 06:57 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 06:57 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 06:57 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-12 10:17 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 10:17 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 10:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 10:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 10:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 10:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 10:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 07:24 - 2014-02-10 07:25 - 00000000 ____D () C:\Users\Bears\Downloads\Die.Eiskoenigin.Voellig.Unverfroren.2013.German.DVDSCR.MD.XviD-TOD

==================== One Month Modified Files and Folders =======

2014-03-08 21:14 - 2014-03-08 21:14 - 00165376 _____ () C:\Users\Bears\Downloads\SystemLook_x64.exe
2014-03-08 21:14 - 2014-03-08 21:12 - 00015802 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-03-08 21:12 - 2014-03-08 21:12 - 00000000 ____D () C:\Users\Bears\Desktop\FRST-OlderVersion
2014-03-08 21:12 - 2014-03-05 16:35 - 00000000 ____D () C:\FRST
2014-03-08 21:12 - 2014-03-05 16:31 - 02156544 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-03-08 21:11 - 2014-02-27 11:04 - 00000282 _____ () C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job
2014-03-08 21:11 - 2013-07-31 18:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 21:11 - 2012-02-20 18:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 21:11 - 2012-02-20 17:57 - 01135859 _____ () C:\FaceProv.log
2014-03-08 21:11 - 2012-02-20 17:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-08 21:11 - 2012-02-20 16:59 - 01821841 _____ () C:\windows\WindowsUpdate.log
2014-03-08 20:05 - 2014-03-08 19:52 - 119022672 _____ () C:\Users\Bears\Downloads\KP_PDE_UMHQ.zip
2014-03-08 19:23 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 19:23 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 19:20 - 2014-01-14 19:51 - 00000000 ____D () C:\Users\Bears\AppData\Local\download.am-data
2014-03-08 19:20 - 2012-02-20 08:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-03-08 19:20 - 2012-02-20 08:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-03-08 19:20 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-08 19:15 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-08 19:14 - 2012-02-20 18:10 - 00130731 _____ () C:\windows\system32\fastboot.set
2014-03-08 19:14 - 2012-02-20 18:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 19:13 - 2014-02-28 13:06 - 00000896 _____ () C:\windows\setupact.log
2014-03-08 19:13 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-06 14:36 - 2014-03-06 14:35 - 15079274 _____ () C:\Users\Bears\Downloads\251Cole.rar
2014-03-05 19:46 - 2014-03-05 19:12 - 00017068 _____ () C:\zoek-results.log
2014-03-05 19:44 - 2014-02-28 13:06 - 00027712 _____ () C:\windows\PFRO.log
2014-03-05 19:33 - 2014-03-05 18:45 - 00000000 ____D () C:\zoek_backup
2014-03-05 19:33 - 2013-07-23 20:39 - 00000000 ____D () C:\Users\Bears
2014-03-05 18:45 - 2014-03-05 19:38 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-05 18:17 - 2014-03-05 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 18:16 - 2014-03-05 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bears\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 18:16 - 2013-08-30 08:34 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-05 17:56 - 2014-03-05 17:56 - 00000000 ____D () C:\windows\ERUNT
2014-03-05 17:30 - 2014-03-05 17:28 - 00000000 ____D () C:\AdwCleaner
2014-03-05 17:30 - 2012-02-20 18:08 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-05 16:44 - 2014-03-05 16:40 - 00046595 _____ () C:\Users\Bears\Downloads\FRST.txt
2014-03-05 16:44 - 2014-03-05 16:38 - 00030755 _____ () C:\Users\Bears\Downloads\Addition.txt
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-02-28 13:38 - 2013-07-23 20:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 13:24 - 2013-10-11 12:34 - 00000000 ____D () C:\Users\Bears\AppData\Local\CrashDumps
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 13:13 - 2013-07-23 20:43 - 00001425 _____ () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-27 13:12 - 2014-02-21 11:53 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-27 13:02 - 2013-07-23 20:43 - 00000000 ___RD () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 11:04 - 2014-02-27 11:04 - 00003250 _____ () C:\windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 13:17 - 2013-07-25 11:52 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-02-26 12:41 - 2014-02-26 12:38 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 10:25 - 2013-07-23 20:51 - 00000000 ___RD () C:\Users\Bears\Desktop\Unterhaltung
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-23 12:42 - 2013-07-31 18:20 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 12:40 - 2013-07-31 18:20 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 12:40 - 2013-07-31 18:20 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:53 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-02-21 11:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-02-19 21:22 - 2014-02-19 21:19 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-19 21:19 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files\iPod
2014-02-19 20:34 - 2013-09-17 13:37 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 13:35 - 2013-08-11 08:46 - 00000000 ____D () C:\windows\system32\MRT
2014-02-17 13:25 - 2013-08-02 11:18 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 07:14 - 2012-02-20 18:08 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 07:14 - 2012-02-20 18:08 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 07:20 - 2013-12-09 19:11 - 01594964 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-12 10:34 - 2012-02-20 17:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-10 07:25 - 2014-02-10 07:24 - 00000000 ____D () C:\Users\Bears\Downloads\Die.Eiskoenigin.Voellig.Unverfroren.2013.German.DVDSCR.MD.XviD-TOD
2014-02-06 13:16 - 2014-02-13 06:57 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 06:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 06:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 06:57 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 06:57 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 06:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 06:58 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 06:58 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 06:58 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 06:57 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 06:57 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 06:57 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 06:57 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 06:58 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 06:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 06:58 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 06:57 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 06:57 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 06:57 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 06:58 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 10:57 - 2014-02-13 06:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 10:52 - 2014-02-13 06:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 06:57 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 06:57 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 06:58 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 06:57 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 06:57 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 06:58 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 06:57 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 06:57 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 06:57 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 06:58 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 06:57 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 06:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 06:57 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 06:57 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 06:57 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 06:57 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 06:57 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2011-02-22 12:19

==================== End Of Log ============================
         
--- --- ---


Alt 09.03.2014, 11:00   #8
M-K-D-B
/// TB-Ausbilder
 



Hi,

the SystemLook log file and the answers to my questions are still missing; then we can continue.
__________________
Greetings from Bavaria
M-K-D-B


Alt 10.03.2014, 09:51   #9
mamabear
 



Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 07:56 on 09/03/2014 by Bears
Administrator - Elevation successful

========== filefind ==========

Searching for "*WinZipper*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\WinZipper.exe.vir	--a---- 504488 bytes	[05:24 30/10/2013]	[05:24 30/10/2013] 33F04DBCFBED9C0C85B5E2597DDA3FCE
C:\ProgramData\MAGIX\PC_Check_Tuning_Free_2011\softupdate\WinZipper.png	--a---- 4399 bytes	[18:07 25/11/2013]	[18:07 25/11/2013] 522E940B1C69BFDA73405DF716AB2E85
C:\Users\All Users\MAGIX\PC_Check_Tuning_Free_2011\softupdate\WinZipper.png	--a---- 4399 bytes	[18:07 25/11/2013]	[18:07 25/11/2013] 522E940B1C69BFDA73405DF716AB2E85

Searching for "*Music Toolbar*"
No files found.

Searching for "*Mobogenie*"
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg.vir	--a---- 3072 bytes	[08:54 27/02/2014]	[08:54 27/02/2014] EBEE736AEC90A4F5D1E115F145FD8956
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobogenie.apk.vir	--a---- 2225289 bytes	[09:05 27/02/2014]	[09:02 27/02/2014] 6DC0D27550D3C7E4A2A64555228D57D9
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir	--a---- 6012096 bytes	[09:05 27/02/2014]	[09:02 27/02/2014] E8151DF865B44BBCF4BA8587AF8F9DB1
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.url.vir	--a---- 48 bytes	[09:05 27/02/2014]	[09:02 27/02/2014] 9060A9B337D5EC342CE6018E104F5A4D
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir	--a---- 665280 bytes	[09:06 27/02/2014]	[09:04 27/02/2014] 1CDD2CC030CFB1D260680CE36AC74D4E
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load.gif.vir	--a---- 2273 bytes	[09:06 27/02/2014]	[09:03 27/02/2014] 7776A82915F60FDDDBCB5F35DC7E680C
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load_img.gif.vir	--a---- 3834 bytes	[09:06 27/02/2014]	[09:03 27/02/2014] 8A503292468E11CCAC1A7925613E22D0

Searching for "*awesomehp*"
No files found.

Searching for "*Surf_Canyon*"
No files found.

========== folderfind ==========

Searching for "*WinZipper*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper	d------	[16:29 05/03/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper	d------	[16:29 05/03/2014]
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Roaming\WinZipper	d------	[16:30 05/03/2014]

Searching for "*Music Toolbar*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar	d------	[16:29 05/03/2014]

Searching for "*Mobogenie*"
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie	d------	[16:29 05/03/2014]
C:\AdwCleaner\Quarantine\C\Users\Bears\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie	d------	[16:29 05/03/2014]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_Mobogenie.exe_3a533ea43feed4231082674baf89a92d985b11d6_a3b161c2	d----c-	[09:00 27/02/2014]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_Mobogenie.exe_3a533ea43feed4231082674baf89a92d985b11d6_a3b161c2	d----c-	[09:00 27/02/2014]

Searching for "*awesomehp*"
No folders found.

Searching for "*Surf_Canyon*"
No folders found.

========== regfind ==========

Searching for "WinZipper"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]
"a"="WinZipper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.001]
@="WinZipper.001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.7z]
@="WinZipper.7z"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.arj]
@="WinZipper.arj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bz2]
@="WinZipper.bz2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bzip2]
@="WinZipper.bzip2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cab]
@="WinZipper.cab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpio]
@="WinZipper.cpio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.deb]
@="WinZipper.deb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dmg]
@="WinZipper.dmg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fat]
@="WinZipper.fat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gz]
@="WinZipper.gz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gzip]
@="WinZipper.gzip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hfs]
@="WinZipper.hfs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iso]
@="WinZipper.iso"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lha]
@="WinZipper.lha"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lzh]
@="WinZipper.lzh"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lzma]
@="WinZipper.lzma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ntfs]
@="WinZipper.ntfs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar]
@="WinZipper.rar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rpm]
@="WinZipper.rpm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.squashfs]
@="WinZipper.squashfs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swm]
@="WinZipper.swm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tar]
@="WinZipper.tar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.taz]
@="WinZipper.taz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz]
@="WinZipper.tbz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz2]
@="WinZipper.tbz2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tgz]
@="WinZipper.tgz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tpz]
@="WinZipper.tpz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txz]
@="WinZipper.txz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vhd]
@="WinZipper.vhd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wim]
@="WinZipper.wim"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xar]
@="WinZipper.xar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xz]
@="WinZipper.xz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.z]
@="WinZipper.z"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip]
@="WinZipper.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}\InprocServer32]
@="C:\Program Files (x86)\WinZipper\eshellctx64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinZipper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.001]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.001]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.001\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.001\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.7z]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.7z]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.7z\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.7z\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.arj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.arj]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.arj\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.arj\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bz2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bz2]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bz2\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bz2\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bzip2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bzip2]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bzip2\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.bzip2\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cab]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cab\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cab\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cpio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cpio]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cpio\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.cpio\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.deb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.deb]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.deb\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.deb\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.dmg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.dmg]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.dmg\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.dmg\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.fat]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.fat]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.fat\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.fat\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gzip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gzip]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gzip\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.gzip\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.hfs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.hfs]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.hfs\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.hfs\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.iso]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.iso]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.iso\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.iso\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lha]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lha]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lha\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lha\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzh]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzh]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzh\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzh\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzma]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzma]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzma\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.lzma\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.ntfs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.ntfs]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.ntfs\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.ntfs\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rar]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rar\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rar\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rpm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rpm]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rpm\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.rpm\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.squashfs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.squashfs]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.squashfs\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.squashfs\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.swm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.swm]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.swm\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.swm\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tar]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tar\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tar\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.taz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.taz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.taz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.taz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz2]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz2\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tbz2\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tgz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tgz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tgz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tgz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tpz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tpz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tpz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.tpz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.txz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.txz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.txz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.txz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.vhd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.vhd]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.vhd\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.vhd\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.wim]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.wim]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.wim\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.wim\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xar]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xar\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xar\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xz]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xz]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xz\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.xz\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.z]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.z]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.z\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.z\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.zip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.zip]
@="WinZipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.zip\DefaultIcon]
@="C:\Program Files (x86)\WinZipper\WinZipper.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZipper.zip\shell\open\command]
@=""C:\Program Files (x86)\WinZipper\WinZipper.exe" "o" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4F622628-7632-4B28-B184-D7BA0CA3273B}"="WinZipper Shell Extension"
[HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]
"a"="WinZipper.exe"

Searching for "Music Toolbar"
No data found.

Searching for "Mobogenie"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]

Searching for "awesomehp"
No data found.

Searching for "Surf_Canyon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Surf_Canyon.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{840fabe4-8aec-486c-b494-08229d0cf14e}\InprocServer32]
@="C:\Users\Bears\AppData\Roaming\Surf_Canyon\Surf_Canyon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ef959822-87e6-455f-ab20-c8009fffa0f8}\InprocServer32]
@="C:\Users\Bears\AppData\Roaming\Surf_Canyon\Surf_Canyon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Surf_Canyon.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Surf_Canyon_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Surf_Canyon_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{840fabe4-8aec-486c-b494-08229d0cf14e}\InprocServer32]
@="C:\Users\Bears\AppData\Roaming\Surf_Canyon\Surf_Canyon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ef959822-87e6-455f-ab20-c8009fffa0f8}\InprocServer32]
@="C:\Users\Bears\AppData\Roaming\Surf_Canyon\Surf_Canyon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\Surf_Canyon.DLL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3817E183-7CDD-49DE-B408-FC9A49423A93}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{336ABE02-878D-4248-AD74-ED4B42B275CC}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8DB972B-A0B1-4F79-9961-AB3DA38DF15A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9C80CF-5C84-4ED1-A7E2-1758CB602A47}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3817E183-7CDD-49DE-B408-FC9A49423A93}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{336ABE02-878D-4248-AD74-ED4B42B275CC}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8DB972B-A0B1-4F79-9961-AB3DA38DF15A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9C80CF-5C84-4ED1-A7E2-1758CB602A47}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3817E183-7CDD-49DE-B408-FC9A49423A93}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{336ABE02-878D-4248-AD74-ED4B42B275CC}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\ProtectedSearch.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8DB972B-A0B1-4F79-9961-AB3DA38DF15A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9C80CF-5C84-4ED1-A7E2-1758CB602A47}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Surf_Canyon\TBUpdater.dll|Name=Browser Updater|"

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{5A6B03E2-CA9D-442D-8639-C6EE579790F7}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{7A53B0BE-B92D-4e8a-A11F-8E6F9F3C575B}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"PCModel"="4383                            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#11090514010946&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002372527A&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#09081000016439&0#]
"DeviceDesc"="Premium         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#11090514010946&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002372527A&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#09081000016439&0#]
"DeviceDesc"="Premium         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#11090514010946&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27002372527A&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_PREMIUM&REV_0.00#09081000016439&0#]
"DeviceDesc"="Premium         "

-= EOF =-
         
Hello,
so far I am no longer getting any error messages.
However, Windows is generally running slower, and no matter what I open (Explorer, Chrome or any other program), it takes longer to load, and after a while "Not responding" always appears.

10.03.2014, 17:18   #10
M-K-D-B
/// TB Trainer
 



Hi,

Scan with Combofix
WARNING to READERS following this thread:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Greetings from Bavaria
M-K-D-B


11.03.2014, 11:36   #11
mamabear
 



Combofix log file:
Code:
ComboFix 14-03-10.01 - Bears 11.03.2014  10:51:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1643.705 [GMT 1:00]
ausgeführt von:: c:\users\Bears\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-11 bis 2014-03-11  ))))))))))))))))))))))))))))))
.
.
2014-03-11 10:06 . 2014-03-11 10:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-05 18:38 . 2014-03-05 17:45	24064	----a-w-	c:\windows\zoek-delete.exe
2014-03-05 18:38 . 2014-03-11 10:14	--------	d-----w-	c:\users\Bears\AppData\Local\Temp
2014-03-05 17:45 . 2014-03-05 18:33	--------	d-----w-	C:\zoek_backup
2014-03-05 16:56 . 2014-03-05 16:56	--------	d-----w-	c:\windows\ERUNT
2014-03-05 16:28 . 2014-03-05 16:30	--------	d-----w-	C:\AdwCleaner
2014-03-05 15:35 . 2014-03-08 20:19	--------	d-----w-	C:\FRST
2014-03-05 15:27 . 2014-03-05 15:27	--------	d-----w-	c:\users\Bears\AppData\Roaming\MusicNet
2014-03-01 07:05 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-03-01 07:05 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-03-01 05:59 . 2013-10-02 01:10	44544	----a-w-	c:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-01 05:59 . 2013-10-02 04:51	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2014-03-01 05:55 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-03-01 05:55 . 2013-09-25 01:57	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-02-24 08:47 . 2007-04-10 00:06	10752	----a-w-	c:\windows\system32\E_GCINST.DLL
2014-02-24 08:47 . 2011-03-15 02:03	83968	----a-w-	c:\windows\system32\E_ID4BHJE.DLL
2014-02-19 20:19 . 2014-02-19 20:22	--------	d-----w-	c:\program files\iTunes
2014-02-13 06:03 . 2013-12-21 09:53	548864	----a-w-	c:\windows\system32\vbscript.dll
2014-02-13 06:03 . 2013-12-21 08:56	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-02-13 05:57 . 2014-02-06 10:49	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-02-12 09:17 . 2013-12-06 02:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 11:40 . 2013-07-31 17:20	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-23 11:40 . 2013-07-31 17:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 12:25 . 2013-08-02 10:18	88567024	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE" [2012-02-29 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 336384]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-20 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Download.am"="c:\program files (x86)\Download.am\download.am.exe" [2013-11-26 143872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140307.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140307.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 13:21	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 11:42]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 17:07]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-20 16:57	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-20 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-20 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-20 5908928]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-11  11:21:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-11 10:21
.
Vor Suchlauf: 9 Verzeichnis(se), 190.962.466.816 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 190.176.645.120 Bytes frei
.
- - End Of File - - 3345EF588B762DD653088481F42EC052
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]


11.03.2014, 13:58   #12
M-K-D-B
/// TB Trainer

Hi,

We'll remove the last remnants and check everything once more. ESET can take a while (> 2 h).
After that we'll clean up, and I'll give you a few tips to take with you.

Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
start
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {29D16331-2C2F-4500-9F3E-1F7B465B5864} - \Browser Updater\Browser Updater No Task File
Task: {703BE289-BDD7-41B4-9C10-558D29BDC134} - System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} => C:\Program Files\V-bates\PrefHelper.exe
Task: {786AFD2C-75AA-493E-B7F6-8F13837C0A5E} - \Desk 365 RunAsStdUser No Task File
C:\Program Files\V-bates
Task: {C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} - \ProtectedSearch\Protected Search No Task File
Task: {E5769D52-567C-4642-BD19-C3AF3E3C42BA} - \Omiga Plus RunAsStdUser No Task File
Task: C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job => C:\Program Files\V-bates\PrefHelper.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Uncheck the box at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

In your next reply, please post
  • the FRST log file,
  • the HitmanPro log file,
  • the ESET log file,
  • the SecurityCheck log file.
__________________
Greetings from Bavaria
M-K-D-B

12.03.2014, 13:53   #13
mamabear

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Bears at 2014-03-12 09:02:18 Run:1
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {29D16331-2C2F-4500-9F3E-1F7B465B5864} - \Browser Updater\Browser Updater No Task File
Task: {703BE289-BDD7-41B4-9C10-558D29BDC134} - System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} => C:\Program Files\V-bates\PrefHelper.exe
Task: {786AFD2C-75AA-493E-B7F6-8F13837C0A5E} - \Desk 365 RunAsStdUser No Task File
C:\Program Files\V-bates
Task: {C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} - \ProtectedSearch\Protected Search No Task File
Task: {E5769D52-567C-4642-BD19-C3AF3E3C42BA} - \Omiga Plus RunAsStdUser No Task File
Task: C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job => C:\Program Files\V-bates\PrefHelper.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
end
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29D16331-2C2F-4500-9F3E-1F7B465B5864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D16331-2C2F-4500-9F3E-1F7B465B5864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{703BE289-BDD7-41B4-9C10-558D29BDC134} => Key not found.
C:\Windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{786AFD2C-75AA-493E-B7F6-8F13837C0A5E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{786AFD2C-75AA-493E-B7F6-8F13837C0A5E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
"C:\Program Files\V-bates" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C78A2B4D-8C0F-42F5-8B79-ADD7D4566241} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5769D52-567C-4642-BD19-C3AF3E3C42BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5769D52-567C-4642-BD19-C3AF3E3C42BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser => Key deleted successfully.
C:\windows\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2}.job not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : BEARS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Bears-PC\Bears
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-03-12 09:11:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 28m 42s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 64

   Objects scanned . . . : 1.851.759
   Files scanned . . . . : 20.284
   Remnants scanned  . . : 241.997 files / 1.589.478 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player) -> Deleted
   HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
   HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted

Cookies _____________________________________________________________________

         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6eb4c5e7f883474899c6e81227b0869f
# engine=17406
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-12 12:23:32
# local_time=2014-03-12 01:23:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2047 16777215 0 0 0 0 0 0
# compatibility_mode=3591 16777213 100 91 3129490 157223597 0 0
# compatibility_mode=5893 16776574 100 94 13225812 146256862 0 0
# scanned=150009
# found=1
# cleaned=0
# scan_time=12188
sh=432AFF6E7E0878D361D0294B8CC7FDFC6A2C3286 ft=0 fh=0000000000000000 vn="Win32/StartPage.OPH trojan" ac=I fn="D:\BEARS-PC\Backup Set 2012-05-03 161935\Backup Files 2012-05-06 193858\Backup files 4.zip"
         
Code:
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 McAfee SiteAdvisor    
 Adobe Flash Player 12.0.0.70  
 Adobe Reader XI  
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

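The Fixlog posted above reports one result line per fixlist entry, and most of the work in reading it is separating what this run actually removed from what was already gone. As an added example (not part of the original thread and not FRST's own code), this Python sketch tallies those outcomes; the names `FixResult`, `parse_fixlog`, `summarize` and `ifeo_images` and the status labels are assumptions made here, and the sample input is constructed from a few of the log lines above.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: header, fixlist echo and a handful of result lines in the
# shape of the Fixlog posted above (shortened; not the complete log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Content of fixlist:
*****************
start
IFEO\bpsvc.exe: [Debugger] tasklist.exe
C:\Program Files\V-bates
end
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
C:\Windows\System32\Tasks\FF Watcher {229E15E0-45F2-4EEE-80C5-407282C3F3B2} not found.
"C:\Program Files\V-bates" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

REGISTRY_ROOTS = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")
IFEO_MARKER = "\\image file execution options\\"


class FixResult(NamedTuple):
    target: str   # registry key or file-system path the fix acted on
    kind: str     # "registry", "file", "ads" or "note"
    status: str   # "removed", "absent" or "other"


def result_lines(text):
    """Yield non-empty result lines, skipping the header and the fixlist echo."""
    lines = text.splitlines()
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, line in enumerate(lines)
             if line.strip() and set(line.strip()) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    for line in lines[start:]:
        line = line.strip()
        if line.startswith("===="):      # "==== End of Fixlog ===="
            break
        if line:
            yield line


def classify(line):
    """Turn one result line into a FixResult."""
    target, arrow, detail = line.partition(" => ")
    verdict = (detail if arrow else line).rstrip(". ").lower()
    if verdict.endswith("not found"):
        status = "absent"       # nothing left to remove when the fix ran
    elif verdict.endswith("successfully"):
        status = "removed"      # deleted, moved or stripped by this fix
    else:
        # Failure wording does not appear on the page, so unrecognised lines
        # are surfaced for manual review instead of being guessed at.
        return FixResult(line, "note", "other")
    if not arrow:               # e.g. "<path> not found." without "=>"
        target = re.sub(r"\s+not found\.?$", "", line, flags=re.IGNORECASE)
    target = target.strip().strip('"')
    if target.upper().startswith(REGISTRY_ROOTS):
        kind = "registry"
    elif " ADS " in f" {detail} ":
        kind = "ads"
    else:
        kind = "file"
    return FixResult(target, kind, status)


def parse_fixlog(text):
    """Parse every result line of a Fixlog into FixResult records."""
    return [classify(line) for line in result_lines(text)]


def summarize(entries):
    """Count results per (kind, status) pair."""
    return Counter((e.kind, e.status) for e in entries)


def ifeo_images(entries):
    """Map each Image File Execution Options image name to its status."""
    out = {}
    for e in entries:
        if e.kind == "registry" and IFEO_MARKER in e.target.lower():
            out[e.target.rsplit("\\", 1)[1]] = e.status
    return out


if __name__ == "__main__":
    entries = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), n in sorted(summarize(entries).items()):
        print(f"{kind:8} {status:8} {n}")
    for e in entries:
        if e.status == "other":
            print("review:", e.target)
```

Run against the full Fixlog, the "absent" rows show which fixlist entries an earlier cleanup pass had already dealt with, and any "other" row is a line to read by hand.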
12.03.2014, 15:01   #14
M-K-D-B
/// TB Trainer

Hi,

how is the computer running at the moment?
Are error messages still appearing? If so, which ones?
Are there still problems with browsers (IE, Firefox, Chrome)? If so, which ones?

Control scan with FRST
Run a scan with FRST as described before.
To do so, check the box for Addition.txt at the bottom right and click Scan.
Two log files will be created. Post them.
__________________
Greetings from Bavaria
M-K-D-B

13.03.2014, 10:50   #15
mamabear

Hello,
the computer is running fine so far, only the browser still doesn't work properly. No matter which one I use, after a while "Not responding" always appears. Sometimes it takes a brief moment and it works again, but most of the time I have to close the browser and restart it.

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Bears at 2014-03-13 11:44:25
Running from C:\Users\Bears\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60810.0551 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0810.604.8985 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10810 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{42C76910-6CD4-EC68-FB78-0D3DE411AD63}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0810.604.8985 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0810.604.8985 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0810.604.8985 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help English (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help French (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help German (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0810.0603.8985 - ATI) Hidden
ccc-utility64 (Version: 2011.0810.604.8985 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download.am (HKLM-x32\...\Download.am) (Version:  - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Opera Stable 20.0.1387.64 (HKLM-x32\...\Opera 20.0.1387.64) (Version: 20.0.1387.64 - Opera Software ASA)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)

==================== Restore Points  =========================

24-02-2014 08:48:12 Gerätetreiber-Paketinstallation: EPSON Drucker
27-02-2014 12:50:41 S
27-02-2014 12:59:16 S
01-03-2014 05:55:41 Windows Update
02-03-2014 05:12:34 Windows Update
05-03-2014 18:12:05 zoek.exe restore point
11-03-2014 09:47:16 ComboFix created restore point
13-03-2014 10:09:48 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-03-11 11:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {128628B2-1BC3-48E4-8BFF-664219D3F968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {245CF997-ABC2-4B3D-8398-EDC9CAD04143} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3061847A-6752-4612-8115-98A21449B4ED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {30AA31D6-4C32-46EB-A73F-C68C26FA5824} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {4275A705-4E24-445B-83A6-F17B4C1ED7E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {466A78EB-D757-4860-9959-BB756AC66A62} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {61966F8D-4008-4F21-9608-9F821B0E2CFF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {661587A3-D323-4310-B128-1E6A234F66A3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {6937F5AC-4539-43C5-A5A1-9ACBFA83BADF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {B33B5BF0-B424-4D26-903C-49D881272E80} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B464ECCD-F301-4ABD-B852-1AD5BC9D7A7B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {BDFFE006-CD84-4654-A319-A13745D36ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F8CAA2D3-76A1-462E-9AF3-A885D9F40B35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-10 06:59 - 2011-08-10 06:59 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-02-20 18:14 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-26 23:00 - 2013-11-26 23:00 - 00143872 _____ () C:\Program Files (x86)\Download.am\download.am.exe
2011-08-10 06:59 - 2011-08-10 06:59 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-08-10 07:02 - 2011-08-10 07:02 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-16 18:37 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-16 18:37 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-16 18:37 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-16 18:37 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-16 18:37 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-12 07:44 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-02-20 17:57 - 2012-02-20 17:57 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-03-05 18:16 - 2014-02-27 14:57 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.64\libglesv2.dll
2014-03-05 18:16 - 2014-02-27 14:57 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.64\libegl.dll
2014-03-05 18:16 - 2014-02-27 14:57 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.64\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2014 10:53:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 01:54:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 01:47:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xb50
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3

Error: (03/12/2014 01:42:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xfc8
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3

Error: (03/12/2014 01:37:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xe34
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3

Error: (03/12/2014 01:35:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 01:33:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3
Name des fehlerhaften Moduls: ccL120U.dll, Version: 12.3.3.2, Zeitstempel: 0x519abdac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006c2ca
ID des fehlerhaften Prozesses: 0x13bc
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3

Error: (03/12/2014 01:33:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xc48
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3

Error: (03/12/2014 01:27:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xf8c
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3

Error: (03/12/2014 01:23:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.1.18.91, Zeitstempel: 0x51949fc0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0xa38
Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0
Pfad der fehlerhaften Anwendung: SDUpdate.exe1
Pfad des fehlerhaften Moduls: SDUpdate.exe2
Berichtskennung: SDUpdate.exe3


System errors:
=============
Error: (03/13/2014 11:09:05 AM) (Source: DCOM) (User: )
Description: 1053VSS{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

Error: (03/13/2014 11:09:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/13/2014 11:09:01 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht.

Error: (03/13/2014 10:59:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/13/2014 10:59:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/13/2014 10:59:00 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error: (03/13/2014 10:58:30 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/13/2014 10:57:59 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/13/2014 10:57:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/13/2014 10:57:48 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.


Microsoft Office Sessions:
=========================
Error: (03/13/2014 10:53:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 01:54:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 01:47:59 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fb5001cf3df14bdde1dfC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dll89cd1346-a9e4-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:42:59 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41ffc801cf3df0990bca85C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dlld725d4b1-a9e3-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:37:59 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fe3401cf3defe63dbe16C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dll24561453-a9e3-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:35:04 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/12/2014 01:33:40 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.3.3.2519ab0d3ccL120U.dll12.3.3.2519abdacc00000050006c2ca13bc01cf3dd10a1f3586C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccL120U.dll89c78c63-a9e2-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:33:35 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fc4801cf3def338d7648C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dll86f51262-a9e2-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:27:59 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41ff8c01cf3dee8099de97C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dllbec6f3c6-a9e1-11e3-a66f-dc0ea183af74

Error: (03/12/2014 01:23:03 PM) (Source: Application Error)(User: )
Description: SDUpdate.exe2.1.18.9151949fc0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fa3801cf3dedcdd850a6C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\windows\syswow64\KERNELBASE.dll0e241f93-a9e1-11e3-a66f-dc0ea183af74


CodeIntegrity Errors:
===================================
  Date: 2014-03-11 11:03:52.685
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-11 11:03:52.295
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 78%
Total physical RAM: 1642.9 MB
Available physical RAM: 357.62 MB
Total Pagefile: 3853.66 MB
Available Pagefile: 1887.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:178.63 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FD22277B)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Bears (administrator) on BEARS-PC on 13-03-2014 11:38:45
Running from C:\Users\Bears\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Download.am\download.am.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\windows\System32\sdclt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Download.am] - C:\Program Files (x86)\Download.am\download.am.exe [143872 2013-11-26] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1415361469-2693387662-4033486994-1002\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (YouTube) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05]
CHR Extension: (Google-Suche) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-02]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-10] (Advanced Micro Devices, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140312.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140312.037\ENG64.SYS [126040 2014-03-12] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140312.037\EX64.SYS [2099288 2014-03-12] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 11:38 - 2014-03-13 11:42 - 00014881 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-03-13 11:30 - 2014-03-13 11:31 - 02157056 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-03-12 09:10 - 2014-03-12 09:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-11 11:21 - 2014-03-11 11:21 - 00020001 _____ () C:\ComboFix.txt
2014-03-11 10:47 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-11 10:47 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-11 10:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-11 10:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-11 10:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-11 10:47 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-11 10:47 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-11 10:47 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-11 10:46 - 2014-03-11 11:21 - 00000000 ____D () C:\Qoobox
2014-03-11 10:45 - 2014-03-11 11:17 - 00000000 ____D () C:\windows\erdnt
2014-03-08 19:52 - 2014-03-08 20:05 - 119022672 _____ () C:\Users\Bears\Downloads\KP_PDE_UMHQ.zip
2014-03-06 14:35 - 2014-03-06 14:36 - 15079274 _____ () C:\Users\Bears\Downloads\251Cole.rar
2014-03-05 19:38 - 2014-03-05 18:45 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-05 19:12 - 2014-03-05 19:46 - 00017068 _____ () C:\zoek-results.log
2014-03-05 18:45 - 2014-03-05 19:33 - 00000000 ____D () C:\zoek_backup
2014-03-05 18:16 - 2014-03-05 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bears\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 17:56 - 2014-03-05 17:56 - 00000000 ____D () C:\windows\ERUNT
2014-03-05 17:28 - 2014-03-05 17:30 - 00000000 ____D () C:\AdwCleaner
2014-03-05 16:35 - 2014-03-13 11:38 - 00000000 ____D () C:\FRST
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-03-01 08:05 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-01 08:05 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-01 06:59 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-01 06:58 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-03-01 06:58 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-01 06:58 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-03-01 06:58 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-03-01 06:58 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-03-01 06:58 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-03-01 06:58 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-01 06:58 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-03-01 06:58 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-01 06:58 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-03-01 06:55 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-03-01 06:55 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-02-28 13:06 - 2014-03-13 10:53 - 00001344 _____ () C:\windows\setupact.log
2014-02-28 13:06 - 2014-03-12 13:53 - 00029098 _____ () C:\windows\PFRO.log
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 12:38 - 2014-02-26 12:41 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-26 09:31 - 2013-09-16 18:51 - 00447822 _____ () C:\windows\system32\Drivers\etc\hosts.20140226-093111.backup
2014-02-24 09:47 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_ID4BHJE.DLL
2014-02-24 09:47 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-02-21 11:53 - 2014-03-12 09:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-19 21:19 - 2014-02-19 21:22 - 00000000 ____D () C:\Program Files\iTunes
2014-02-13 07:03 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 07:03 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 06:58 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 06:58 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 06:58 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 06:58 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 06:58 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 06:58 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 06:58 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 06:58 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 06:58 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 06:58 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 06:57 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 06:57 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 06:57 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 06:57 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 06:57 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 06:57 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 06:57 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 06:57 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 06:57 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 06:57 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 06:57 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 06:57 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 06:57 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 06:57 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 06:57 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 06:57 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 06:57 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 06:57 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 06:57 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 06:57 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 06:57 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-12 10:17 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 10:17 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 10:17 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 10:17 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 10:17 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 10:17 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 10:17 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 10:17 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 10:17 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 10:17 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 10:17 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 10:17 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 11:44 - 2012-02-20 18:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 11:42 - 2014-03-13 11:38 - 00014881 _____ () C:\Users\Bears\Desktop\FRST.txt
2014-03-13 11:42 - 2012-02-20 16:59 - 02055925 _____ () C:\windows\WindowsUpdate.log
2014-03-13 11:38 - 2014-03-05 16:35 - 00000000 ____D () C:\FRST
2014-03-13 11:37 - 2013-07-31 18:20 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 11:37 - 2013-07-31 18:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 11:36 - 2013-07-31 18:20 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 11:36 - 2013-07-31 18:20 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 11:31 - 2014-03-13 11:30 - 02157056 _____ (Farbar) C:\Users\Bears\Desktop\FRST64.exe
2014-03-13 11:07 - 2012-02-20 08:47 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-03-13 11:07 - 2012-02-20 08:47 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-03-13 11:07 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-13 10:55 - 2014-01-14 19:51 - 00000000 ____D () C:\Users\Bears\AppData\Local\download.am-data
2014-03-13 10:54 - 2012-02-20 18:10 - 00152777 _____ () C:\windows\system32\fastboot.set
2014-03-13 10:53 - 2014-02-28 13:06 - 00001344 _____ () C:\windows\setupact.log
2014-03-13 10:53 - 2012-02-20 18:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 10:53 - 2012-02-20 17:57 - 01166125 _____ () C:\FaceProv.log
2014-03-13 10:53 - 2012-02-20 17:57 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-13 10:53 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-12 14:03 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 14:03 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 13:53 - 2014-02-28 13:06 - 00029098 _____ () C:\windows\PFRO.log
2014-03-12 13:50 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-12 11:07 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-12 09:56 - 2013-10-11 12:34 - 00000000 ____D () C:\Users\Bears\AppData\Local\CrashDumps
2014-03-12 09:48 - 2014-03-12 09:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-12 09:06 - 2014-02-21 11:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-12 09:02 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-03-11 11:21 - 2014-03-11 11:21 - 00020001 _____ () C:\ComboFix.txt
2014-03-11 11:21 - 2014-03-11 10:46 - 00000000 ____D () C:\Qoobox
2014-03-11 11:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-11 11:17 - 2014-03-11 10:45 - 00000000 ____D () C:\windows\erdnt
2014-03-11 11:14 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-03-08 20:05 - 2014-03-08 19:52 - 119022672 _____ () C:\Users\Bears\Downloads\KP_PDE_UMHQ.zip
2014-03-06 14:36 - 2014-03-06 14:35 - 15079274 _____ () C:\Users\Bears\Downloads\251Cole.rar
2014-03-05 19:46 - 2014-03-05 19:12 - 00017068 _____ () C:\zoek-results.log
2014-03-05 19:33 - 2014-03-05 18:45 - 00000000 ____D () C:\zoek_backup
2014-03-05 19:33 - 2013-07-23 20:39 - 00000000 ____D () C:\Users\Bears
2014-03-05 18:45 - 2014-03-05 19:38 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-03-05 18:16 - 2014-03-05 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Bears\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 18:16 - 2013-08-30 08:34 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-05 17:56 - 2014-03-05 17:56 - 00000000 ____D () C:\windows\ERUNT
2014-03-05 17:30 - 2014-03-05 17:28 - 00000000 ____D () C:\AdwCleaner
2014-03-05 17:30 - 2012-02-20 18:08 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\Documents\My Received Files
2014-03-05 16:27 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Bears\AppData\Roaming\MusicNet
2014-02-28 13:38 - 2013-07-23 20:46 - 00000000 ___RD () C:\Users\Bears\Desktop\Sicherheit
2014-02-28 13:06 - 2014-02-28 13:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 13:15 - 2014-02-27 13:15 - 00009678 _____ () C:\Users\Bears\Documents\cc_20140227_131550.reg
2014-02-27 13:13 - 2013-07-23 20:43 - 00001425 _____ () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-27 13:02 - 2013-07-23 20:43 - 00000000 ___RD () C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 12:51 - 2014-02-27 12:51 - 00003116 _____ () C:\windows\System32\Tasks\{9986C780-BF52-417B-9C87-36F504F52919}
2014-02-27 06:31 - 2014-02-27 06:31 - 00000000 ____D () C:\Users\Bears\Downloads\Download.am
2014-02-26 13:17 - 2013-07-25 11:52 - 00000000 ____D () C:\Users\Bears\AppData\Local\Adobe
2014-02-26 12:41 - 2014-02-26 12:38 - 00000023 _____ () C:\Users\Bears\Documents\arbeitsspeicher.vbs.txt
2014-02-26 10:25 - 2013-07-23 20:51 - 00000000 ___RD () C:\Users\Bears\Desktop\Unterhaltung
2014-02-26 09:40 - 2014-02-26 09:40 - 00016062 _____ () C:\Users\Bears\Documents\cc_20140226_094031.reg
2014-02-21 11:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-02-19 21:22 - 2014-02-19 21:19 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-19 21:22 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-19 21:19 - 2013-09-24 14:57 - 00000000 ____D () C:\Program Files\iPod
2014-02-19 20:34 - 2013-09-17 13:37 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 13:35 - 2013-08-11 08:46 - 00000000 ____D () C:\windows\system32\MRT
2014-02-17 13:25 - 2013-08-02 11:18 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 07:14 - 2012-02-20 18:08 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 07:14 - 2012-02-20 18:08 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 07:20 - 2013-12-09 19:11 - 01594964 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-12 10:34 - 2012-02-20 17:44 - 00000000 ____D () C:\ProgramData\McAfee

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2011-02-22 12:19

==================== End Of Log ============================
         