
Pests of all kinds and how to fight them: Security lock on your mailbox

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

10.04.2014, 15:38   #1
bl4cky
 

hey everyone,
this morning I received the following email:

"GMX Customer Management
Security lock on your mailbox
Dear GMX user,

with this security notice we would like to inform you about a case of identity theft that also affects you. According to the Federal Office for Information Security (BSI), access credentials for online services have been hijacked. The records contain email address and password; however, this does not mean that only email accounts are affected. Using the security test set up by the BSI at https://www.sicherheitstest.bsi.de/, you can verify this once more."

I then first did the BSI security test (not via the link, but by opening the page in the browser myself) and, unfortunately, received a confirmation email..

then I briefly started the "scan of important areas" in Kaspersky but got no alert. a full scan is still pending, since it takes a very long time.

I would now be very glad if you could help me remove the pests that spied on me, so that I am safe again after changing my password!

regards

10.04.2014, 15:48   #2
schrauber
/// the machine
/// TB trainer
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


10.04.2014, 23:46   #3
bl4cky
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by *******_2 (ATTENTION: The logged in user is not administrator) on DAVESHAVE on 10-04-2014 15:52:54
Running from C:\Users\*******_2\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Software\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Software\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [iolo Startup] - C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [606392 2011-08-25] (iolo technologies, LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer [503808 2010-08-06] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer [31232 2010-08-06] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer [1966080 2010-08-18] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [86016 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [63488 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [319488 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1085440 2010-08-19] ()
HKLM-x32\...\Runonce: [SMRequiresRestart] -  [X]
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [Steam] - C:\Software\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [AnyDVD] - C:\Software\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.)
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [Akamai NetSession Interface] - "C:\Users\*******_2\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\MountPoints2: {f24ec682-31f7-11df-a962-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL P:\liesmich.html
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.10.2012_06-07.lnk
ShortcutTarget: setup_9.0.0.722_07.10.2012_06-07.lnk -> C:\Software\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.10.2012_06-07\startup.exe ()
Startup: C:\Users\*******_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEAB7F67A320DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{46311A8E-493C-41C3-8C14-3C01BC5EFF93}: [NameServer]192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default
FF user.js: detected! => C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\user.js
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: YouTube Unblocker - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\youtubeunblocker@unblocker.yt [2014-03-14]
FF Extension: DownloadHelper - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: AntiGameOrigin - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\antigameorigin@antigame.de.xpi [2014-01-23]
FF Extension: Show Quit Warning - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\gremek@connectpc.pl.xpi [2012-11-08]
FF Extension: ZIP File Wizard Light - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{c14244c1-7f5f-4c3a-8c60-b4ea17b590d3}.xpi [2013-11-06]
FF Extension: Fox!Box - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013-04-21]
FF Extension: {e1b808a3-6474-42b1-9507-69a0d08a3e5b} - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{e1b808a3-6474-42b1-9507-69a0d08a3e5b}.xpi [2013-10-30]
FF Extension: Greasemonkey - C:\Users\*******_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-23]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-05-27]
FF StartMenuInternet: FIREFOX.EXE - C:\Software\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Software\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Software\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Software\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Extension: (Google Drive) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-04]
CHR Extension: (YouTube) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-04]
CHR Extension: (Image Downloader) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2013-01-04]
CHR Extension: (Google-Suche) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-04]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-04]
CHR Extension: (Cr!Box) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2013-04-21]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-05-29]
CHR Extension: (Content Blocker) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-28]
CHR Extension: (Virtual Keyboard) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-04]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-04]
CHR Extension: (FVD Downloader) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-01-04]
CHR Extension: (Google Wallet) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Google Mail) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-04]
CHR Extension: (Anti-Banner) - C:\Users\*******_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-04]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2013-01-04]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-03-24]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
S4 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [722616 2011-08-25] (iolo technologies, LLC)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-08-17] ()
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-03-02] ()
S4 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R1 46094261; C:\Windows\System32\DRIVERS\46094261.sys [157712 2009-09-25] (Kaspersky Lab)
R0 46094262; C:\Windows\System32\DRIVERS\46094262.sys [40464 2009-10-22] (Kaspersky Lab)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-27] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-27] ()
R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [105608 2012-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [181896 2012-05-17] (Windows (R) Codename Longhorn DDK provider)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-12-22] (CACE Technologies, Inc.)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2011-09-03] (Sony Ericsson Mobile Communications)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-20] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-20] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 15:52 - 2014-04-10 15:53 - 00029452 _____ () C:\Users\*******_2\Downloads\FRST.txt
2014-04-10 15:52 - 2014-04-10 15:52 - 00000000 ____D () C:\FRST
2014-04-10 15:51 - 2014-04-10 15:52 - 02157056 _____ (Farbar) C:\Users\*******_2\Downloads\FRST64.exe
2014-04-02 02:02 - 2014-04-02 02:02 - 00000000 ____D () C:\Users\*******_2\AppData\Local\Skype
2014-04-02 02:01 - 2014-04-02 02:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-02 02:01 - 2014-04-02 02:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-01 16:39 - 2014-04-01 16:39 - 13835269 _____ () C:\Users\*******_2\Desktop\Elizabeth Mitchell - You Are My Sunshine.mp4
2014-03-31 20:39 - 2014-03-31 20:40 - 00000000 ____D () C:\Users\*******_2\Desktop\kusnt2
2014-03-31 01:08 - 2014-03-31 01:09 - 10505239 _____ () C:\Users\*******_2\Desktop\Bobby _Blue_ Bland - Ain_t No Love In The Heart Of The City.flv
2014-03-28 14:35 - 2014-04-05 14:47 - 01597772 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-26 01:42 - 2014-02-23 09:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 01:42 - 2014-02-23 08:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-26 01:42 - 2014-02-23 08:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-26 01:42 - 2014-02-23 08:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-26 01:42 - 2014-02-23 08:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-26 01:42 - 2014-02-23 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-26 01:42 - 2014-02-23 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-26 01:42 - 2014-02-23 08:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-26 01:42 - 2014-02-23 08:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-26 01:42 - 2014-02-23 08:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-26 01:42 - 2014-02-23 08:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-26 01:42 - 2014-02-23 08:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-26 01:42 - 2014-02-23 08:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-26 01:42 - 2014-02-23 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-26 01:42 - 2014-02-23 08:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-26 01:42 - 2014-02-23 08:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-26 01:42 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-26 01:42 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-26 01:42 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-26 01:42 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-26 01:42 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-26 01:42 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-26 01:42 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-26 01:42 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-26 01:42 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-26 01:42 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-26 01:42 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-26 01:42 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-26 01:42 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-26 01:42 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-26 01:42 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-26 01:42 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-26 01:29 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 01:29 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-26 01:29 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-26 01:29 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-26 01:28 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 01:28 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-26 01:28 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-26 01:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-26 01:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-26 01:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-26 01:28 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-26 01:28 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-26 01:28 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-26 01:28 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-26 01:28 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-26 01:28 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-26 01:28 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-26 01:28 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-26 01:28 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-26 01:28 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-26 01:28 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-26 01:28 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-26 01:28 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-26 01:25 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 01:25 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-10 15:53 - 2014-04-10 15:52 - 00029452 _____ () C:\Users\*******_2\Downloads\FRST.txt
2014-04-10 15:53 - 2010-03-20 14:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-10 15:52 - 2014-04-10 15:52 - 00000000 ____D () C:\FRST
2014-04-10 15:52 - 2014-04-10 15:51 - 02157056 _____ (Farbar) C:\Users\*******_2\Downloads\FRST64.exe
2014-04-10 15:26 - 2013-01-04 17:45 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 14:20 - 2013-11-25 22:45 - 01670907 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 14:20 - 2013-01-04 17:45 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 14:20 - 2010-03-31 19:50 - 00000000 ____D () C:\Users\*******_2\Tracing
2014-04-10 13:38 - 2009-07-14 19:58 - 00701326 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 13:38 - 2009-07-14 19:58 - 00150226 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 13:38 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 13:38 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 13:38 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 13:31 - 2013-11-25 22:43 - 00008456 _____ () C:\Windows\setupact.log
2014-04-10 13:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 06:10 - 2010-05-03 17:46 - 00000000 ____D () C:\Users\*******_2\AppData\Roaming\Skype
2014-04-08 00:47 - 2013-11-12 18:49 - 00000000 ____D () C:\Users\*******_2\Downloads\Isthor-721
2014-04-05 14:47 - 2014-03-28 14:35 - 01597772 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-02 13:11 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-04-02 13:11 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-02 02:02 - 2014-04-02 02:02 - 00000000 ____D () C:\Users\*******_2\AppData\Local\Skype
2014-04-02 02:01 - 2014-04-02 02:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-02 02:01 - 2014-04-02 02:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-02 02:01 - 2010-05-03 17:46 - 00000000 ____D () C:\ProgramData\Skype
2014-04-01 16:39 - 2014-04-01 16:39 - 13835269 _____ () C:\Users\*******_2\Desktop\Elizabeth Mitchell - You Are My Sunshine.mp4
2014-03-31 20:40 - 2014-03-31 20:39 - 00000000 ____D () C:\Users\*******_2\Desktop\kusnt2
2014-03-31 09:35 - 2010-03-19 20:49 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 01:09 - 2014-03-31 01:08 - 10505239 _____ () C:\Users\*******_2\Desktop\Bobby _Blue_ Bland - Ain_t No Love In The Heart Of The City.flv
2014-03-29 15:38 - 2012-05-23 16:17 - 00128230 _____ () C:\Windows\PFRO.log
2014-03-29 04:13 - 2009-03-28 12:04 - 00000000 ____D () C:\Software
2014-03-28 14:30 - 2013-07-18 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-28 14:26 - 2010-03-20 14:19 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 15:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-26 02:03 - 2010-03-17 21:40 - 00000000 ____D () C:\Users\*******
2014-03-26 02:02 - 2009-07-14 06:45 - 05015448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-26 02:01 - 2013-03-14 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-26 02:01 - 2013-03-14 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-26 01:58 - 2010-04-20 23:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-25 00:40 - 2014-02-25 18:19 - 00000000 ____D () C:\Users\*******_2\Desktop\Neuer Ordner (2)
2014-03-20 18:50 - 2014-03-06 18:53 - 00000000 ____D () C:\Users\*******_2\AppData\Local\dxhr
2014-03-13 17:15 - 2013-09-23 02:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 17:15 - 2013-08-24 00:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\*******\AppData\Local\Temp\SIntf16.dll
C:\Users\*******\AppData\Local\Temp\SIntf32.dll
C:\Users\*******\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by *******_2 at 2014-04-10 15:54:22
Running from C:\Users\*******_2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.4 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{BBB7F293-12A9-821C-9409-013CD8E824EC}) (Version: 2.0.3904.33816 - Ihr Firmenname)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{70DFF8B2-44A3-2C2C-FB21-783E8291265F}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Beyond Compare Version 2.5.2 (HKLM-x32\...\BC2_is1) (Version:  - Scooter Software)
BlackArmor Backup (HKLM-x32\...\{9DF6EC22-733E-4EDC-AC88-54CAD4BF4E7B}) (Version: 12.1.9799 - Seagate)
BlackArmor Discovery (HKLM-x32\...\InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}) (Version: 1.20.0931.004 - Seagate)
BlackArmor Discovery (x32 Version: 1.20.0931.004 - Seagate) Hidden
BlueJ 3.0.4 (HKCU\...\BlueJ_is1) (Version:  - La Trobe University)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help French (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help German (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CoreAVC Pro 1.8.5.0 (HKLM-x32\...\coreavc_is1) (Version: 1.8.5.0 - )
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3418 - CyberLink Corp.) Hidden
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3530.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.0.4.2 - DivX, Inc. )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EE-ZDE (HKLM-x32\...\{B49C924C-A651-4378-94F6-5D9BF44A959F}) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
FIFA 12 (HKLM-x32\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts)
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gothic II (HKLM-x32\...\Gothic II) (Version:  - JoWooD Productions Software AG)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.2.1 - Greenfoot Team)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 10.5.4 - iolo technologies, LLC)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java-Editor 9.14h (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Gaming Software (HKLM-x32\...\{B9242864-2841-4ADE-86E0-8F90F91B04DD}) (Version: 4.40 - )
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 17.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0 (x86 de)) (Version: 17.0 - Mozilla)
Mozilla Firefox 28.0 (x86 de) (HKCU\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird (3.0.11) (HKCU\...\Mozilla Thunderbird (3.0.11)) (Version: 3.0.11 (de) - Mozilla)
Mozilla Thunderbird (3.0.3) (HKLM-x32\...\Mozilla Thunderbird (3.0.3)) (Version: 3.0.3 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1  - NETGEAR Inc.)
NETGEAR USB Control Center   (HKLM-x32\...\{CE79625A-8E53-41F6-8EC1-FCADAD0F130F}) (Version: 1.27 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.1.15 - Electronic Arts, Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.0 (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SMPlayer 0.8.0 (HKLM-x32\...\SMPlayer) (Version: 0.8.0 - Ricardo Villalba)
Sony Ericsson PC Companion 2.01.217 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.01.217 - Sony Ericsson)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
Two Worlds II (HKLM-x32\...\Two Worlds II) (Version: 1.3.2.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinEdt 6 (HKLM-x32\...\WinEdt 6_is1) (Version:  - WinEdt Team)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinX Bluray DVD iPad Ripper 4.5.3 (HKLM-x32\...\WinX Bluray DVD iPad Ripper_is1) (Version:  - Digiarty Software,Inc.)
XAMPP 1.7.4 (HKLM-x32\...\xampp) (Version:  - )
Xilisoft Video Editor (HKLM-x32\...\Xilisoft Video Editor) (Version: 1.0.34.1218 - Xilisoft)
Youtube Downloader HD v. 2.9.4 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-04-09 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Brother XP spl Service => 2
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NETGEARGenieDaemon => 2
MSCONFIG\Services: OMSI download service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SgtSch2Svc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk => C:\Windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AnyDVD => "C:\Software\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BlackArmorBackupMonitor.exe => C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Software\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Software\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: InstantBurn => C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NETGEAR USB Control Center => C:\Software\NETGEAR\USB Control Center\Control Center.exe -mini
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => C:\Software\CyberLink\PowerDVD\PDVDServ.exe
MSCONFIG\startupreg: RemoteControl10 => C:\Software\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Software\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartWMDriverWiz => C:\Windows\system32\rundll32.exe C:\PROGRA~2\COMMON~1\Logitech\WmDrivers\wmwizard.dll,WMWizardMain
MSCONFIG\startupreg: Steam => "C:\Software\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Software\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BlackArmor NAS 1D
Description: BlackArmor NAS 1D
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 02:20:28 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/09/2014 03:51:10 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/07/2014 01:46:54 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 05:01:42 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 02:26:49 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (04/05/2014 01:49:32 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 01:57:04 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 01:24:55 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/02/2014 01:44:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/01/2014 04:54:06 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (04/10/2014 01:31:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/09/2014 03:50:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/07/2014 01:12:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/06/2014 05:00:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/05/2014 02:59:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.169.1703.0)

Error: (04/05/2014 02:58:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/05/2014 01:43:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/03/2014 04:29:24 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/03/2014 01:07:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126

Error: (04/03/2014 01:22:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (04/10/2014 02:20:28 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/09/2014 03:51:10 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/07/2014 01:46:54 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/06/2014 05:01:42 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 02:26:49 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (04/05/2014 01:49:32 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 01:57:04 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 01:24:55 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/02/2014 01:44:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/01/2014 04:54:06 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 14:04:56.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:04:56.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:04:56.450
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:04:56.434
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:04:56.434
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-10 14:04:56.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 14:06:59.045
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 14:06:59.045
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 14:06:59.045
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-07 14:06:59.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 3071.49 MB
Available physical RAM: 1277.32 MB
Total Pagefile: 6141.16 MB
Available Pagefile: 3833.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (DATA) (Fixed) (Total:228.82 GB) (Free:8.97 GB) NTFS
Drive d: (ACER) (Fixed) (Total:229.13 GB) (Free:51.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive z: (Public) (Network) (Total:1831.15 GB) (Free:124.23 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
--- --- ---

And a quick question in between: can I run the scans while Kaspersky is running, or does that interfere in any way?

Alt 13.04.2014, 14:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Our tools always need admin rights; switch off KAV.

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 14.04.2014, 15:48   #5
bl4cky
 

I switched off KAV, downloaded Combofix and ran it. It did its scan and restarted the PC... so far so good. On logging in, however, it popped up a new small Combofix window every second, so that absolutely nothing worked anymore.
The desktop manager windows kept flashing (if you know what I mean, as if someone were clicking on them, only very fast and one after another) and the PC was completely maxed out. That can't be normal, can it?
I also didn't find a combofix.txt file in the stated location...

And now? Just try again?

Combofix log file:
Code:
ComboFix 14-04-12.01 - ****** 14.04.2014  15:18:19.5.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3071.1605 [GMT 2:00]
ausgeführt von:: c:\users\******_2\Downloads\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\software\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.10.2012_06-07\startup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-14 bis 2014-04-14  ))))))))))))))))))))))))))))))
.
.
2014-04-14 13:27 . 2014-04-14 13:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-14 13:27 . 2014-04-14 13:27	--------	d-----w-	c:\users\******\AppData\Local\temp
2014-04-13 22:25 . 2014-04-13 22:25	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3E4C0FC-E77D-4575-A0DF-4A66D8746A80}\offreg.dll
2014-04-13 22:11 . 2014-03-17 08:16	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3E4C0FC-E77D-4575-A0DF-4A66D8746A80}\mpengine.dll
2014-04-11 13:19 . 2014-02-04 02:35	190912	----a-w-	c:\windows\system32\drivers\storport.sys
2014-04-11 13:19 . 2014-02-04 02:35	274880	----a-w-	c:\windows\system32\drivers\msiscsi.sys
2014-04-11 13:19 . 2014-02-04 02:35	27584	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2014-04-11 13:19 . 2014-02-04 02:28	2048	----a-w-	c:\windows\system32\iologmsg.dll
2014-04-11 13:19 . 2014-02-04 02:00	2048	----a-w-	c:\windows\SysWow64\iologmsg.dll
2014-04-11 13:19 . 2014-01-24 02:37	1684928	----a-w-	c:\windows\system32\drivers\ntfs.sys
2014-04-11 13:18 . 2014-03-04 09:44	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-04-11 13:18 . 2014-03-04 09:44	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-04-11 13:18 . 2014-03-04 09:44	243712	----a-w-	c:\windows\system32\wow64.dll
2014-04-11 13:18 . 2014-03-04 09:44	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-04-11 13:18 . 2014-03-04 09:44	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-04-11 13:18 . 2014-03-04 09:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-04-11 13:18 . 2014-03-04 09:16	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-04-11 13:18 . 2014-03-04 09:16	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-04-11 13:18 . 2014-03-04 08:09	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-04-11 13:18 . 2014-03-04 08:09	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-04-10 13:52 . 2014-04-10 13:56	--------	d-----w-	C:\FRST
2014-04-02 00:02 . 2014-04-02 00:02	--------	d-----w-	c:\users\******_2\AppData\Local\Skype
2014-04-02 00:01 . 2014-04-02 00:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-04-02 00:01 . 2014-04-02 00:01	--------	d-----r-	c:\program files (x86)\Skype
2014-03-28 12:32 . 2014-03-28 12:32	--------	d-----w-	c:\windows\Migration
2014-03-25 23:29 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-25 23:29 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-25 23:25 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-25 23:25 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 13:24 . 2010-03-20 12:19	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-02 11:11 . 2012-08-02 13:09	29792	----a-w-	c:\windows\system32\drivers\klim6.sys
2014-04-02 11:11 . 2012-06-19 15:28	458336	----a-w-	c:\windows\system32\drivers\kl1.sys
2014-03-31 07:35 . 2010-03-19 18:49	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-13 15:15 . 2013-09-23 00:03	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-13 15:15 . 2013-08-23 22:34	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-11 13:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 11:08	458944	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AnyDVD"="c:\software\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-09-20 6377120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\******_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 NetgearUDSTcpBus;NetgearUDSTcpBus;SysWOW64\Drivers\NetgearUDSTcpBus.sys;SysWOW64\Drivers\NetgearUDSTcpBus.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/04 19:04;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
S0 46094262;46094262 Boot Guard Driver;c:\windows\system32\DRIVERS\46094262.sys;c:\windows\SYSNATIVE\DRIVERS\46094262.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 46094261;46094261;c:\windows\system32\DRIVERS\46094261.sys;c:\windows\SYSNATIVE\DRIVERS\46094261.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NetgearUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\NetgearUDSMBus.sys;SysWOW64\Drivers\NetgearUDSMBus.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 12:27	1077576	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 15:45]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 15:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-04-02 11:10	491200	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb165?a=6PQCyhpUlC&i=26
uInternet Settings,ProxyOverride = *.local
IE: Hinzufügen zu Anti-Banner - c:\software\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{46311A8E-493C-41C3-8C14-3C01BC5EFF93}: NameServer = 192.168.1.2
FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={D852E4BD-1ECE-11E2-B4D6-001C25321542}&src=2&crg=3.1010000.10011&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQCyhpUlC&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 742db8f4000000000000001b2f32e49f
FF - user.js: extensions.incredibar_i.instlDay - 15526
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:00
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQCyhpUlC
FF - user.js: extensions.incredibar_i.upn2n - 92543178436774820
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - 
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Wow6432Node-HKLM-RunOnce-SMRequiresRestart - (no file)
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.10.2012_06-07.lnk - c:\software\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.10.2012_06-07\startup.exe "c:\software\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.10.2012_06-07\setup_9.0.0.722_07.10.2012_06-07.exe" -gui -bl
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4199886456-4071215553-3698710090-1000\Software\SecuROM\License information*]
"datasecu"=hex:e1,3c,26,c6,f7,a8,8d,5a,ff,df,b8,cd,a5,57,bc,54,57,b2,61,c6,cb,
   11,c3,dc,1d,e1,a6,3a,35,eb,7d,91,43,b2,c4,03,e0,e4,a4,be,ac,72,b6,77,c4,ee,\
"rkeysecu"=hex:84,10,f5,1d,cd,38,b3,7c,23,1b,a0,37,ab,97,2c,ce
.
[HKEY_USERS\S-1-5-21-4199886456-4071215553-3698710090-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,0b,5a,a6,98,60,c8,22,c9,60,e1,2f,eb,73,e4,49,f6,15,20,c9,65,
   3b,46,79,18,a4,ea,a2,ee,19,78,99,07,48,d1,a8,2d,12,88,6d,d3,59,fc,ba,0d,14,\
"rkeysecu"=hex:10,53,07,a0,28,4d,93,ce,64,80,87,94,74,6c,ae,9b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-14  15:31:58
ComboFix-quarantined-files.txt  2014-04-14 13:31
.
Vor Suchlauf: 6.948.601.856 Bytes frei
Nach Suchlauf: 6.475.825.152 Bytes frei
.
- - End Of File - - 3E6B8A56E5EA0101615393BB4D133BC0
         


15.04.2014, 11:59   #6
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys ("Tracing" Schlüssel löschen)
    • Reset Winsock settings (Winsock Einstellungen zurücksetzen)
    • Reset proxy settings (Proxy Einstellungen zurücksetzen)
    • Reset Internet Explorer policies (Internet Explorer Richtlinien zurücksetzen)
    • Reset Chrome policies (Chrome Richtlinien zurücksetzen)
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

16.04.2014, 21:45   #7
bl4cky
 



ok, I ran everything, but JRT DELETED ALL MY PROGRAMS!!!!!!!!!!!! what the hell is that about oO
everything that was in my software folder is gone!

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Protection, 16.04.2014 13:49:02, SYSTEM, DAVESHAVE, Protection, Malware Protection, Starting,
Protection, 16.04.2014 13:49:02, SYSTEM, DAVESHAVE, Protection, Malware Protection, Started,
Protection, 16.04.2014 13:49:02, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Starting,
Protection, 16.04.2014 13:50:02, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Started,
Update, 16.04.2014 13:50:41, SYSTEM, DAVESHAVE, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 16.04.2014 13:50:42, SYSTEM, DAVESHAVE, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 16.04.2014 13:50:49, SYSTEM, DAVESHAVE, Manual, Malware Database, 2014.3.4.9, 2014.4.10.7,
Update, 16.04.2014 13:50:49, SYSTEM, DAVESHAVE, Manual, Malware Database, 2014.3.4.9, 2014.4.10.7,
Protection, 16.04.2014 13:50:50, SYSTEM, DAVESHAVE, Protection, Refresh, Starting,
Protection, 16.04.2014 13:50:50, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopping,
Protection, 16.04.2014 13:50:51, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopped,
Protection, 16.04.2014 13:50:57, SYSTEM, DAVESHAVE, Protection, Refresh, Success,
Protection, 16.04.2014 13:50:57, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Starting,
Protection, 16.04.2014 13:50:57, SYSTEM, DAVESHAVE, Protection, Refresh, Starting,
Protection, 16.04.2014 13:50:58, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Started,
Protection, 16.04.2014 13:50:58, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopping,
Protection, 16.04.2014 13:50:58, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopped,
Protection, 16.04.2014 13:51:06, SYSTEM, DAVESHAVE, Protection, Refresh, Success,
Protection, 16.04.2014 13:51:06, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Starting,
Protection, 16.04.2014 13:51:06, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Started,
Update, 16.04.2014 13:51:10, SYSTEM, DAVESHAVE, Manual, Malware Database, 2014.4.10.7, 2014.4.16.5,
Protection, 16.04.2014 13:51:11, SYSTEM, DAVESHAVE, Protection, Refresh, Starting,
Protection, 16.04.2014 13:51:11, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopping,
Protection, 16.04.2014 13:51:12, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Stopped,
Protection, 16.04.2014 13:51:18, SYSTEM, DAVESHAVE, Protection, Refresh, Success,
Protection, 16.04.2014 13:51:18, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Starting,
Protection, 16.04.2014 13:51:19, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Started,
Protection, 16.04.2014 21:10:10, SYSTEM, DAVESHAVE, Protection, Malware Protection, Starting,
Protection, 16.04.2014 21:10:10, SYSTEM, DAVESHAVE, Protection, Malware Protection, Started,
Protection, 16.04.2014 21:10:10, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Starting,
Protection, 16.04.2014 21:13:24, SYSTEM, DAVESHAVE, Protection, Malicious Website Protection, Started,

(end)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 21:17:41
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : David - DAVESHAVE
# Gestartet von : C:\Users\David_2\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\.autoreg
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\freehdsport@freehdsport.tv.xpi
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\user.js
Datei Gefunden : C:\Users\David\Desktop\Search The Web.url
Datei Gefunden : C:\Users\David\Desktop\sweetpcfix.url
Datei Gefunden : C:\Users\David_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\user.js
Ordner Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\engine@conduit.com
Ordner Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\Extensions\ffxtlbr@incredibar.com
Ordner Gefunden C:\Program Files (x86)\FirstRowSportApp.com
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\ProgramData\Premium
Ordner Gefunden C:\ProgramData\Tarma Installer
Ordner Gefunden C:\Users\David\AppData\Local\PackageAware
Ordner Gefunden C:\Users\David\AppData\LocalLow\incredibar.com
Ordner Gefunden C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Ordner Gefunden C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\SweetPacksToolbarData
Ordner Gefunden C:\Users\David\AppData\Roaming\OpenCandy
Ordner Gefunden C:\Users\David_2\AppData\Local\Ilivid Player
Ordner Gefunden C:\Users\David_2\AppData\LocalLow\incredibar.com
Ordner Gefunden C:\Users\David_2\AppData\LocalLow\softonic-de3
Ordner Gefunden C:\Windows\SysWOW64\AI_RecycleBin

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\1ClickDownload
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Web Assistant
Wert Gefunden : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mystart.incredibar.com/mb165?a=6PQCyhpUlC&i=26

-\\ Mozilla Firefox v17.0 (de)

[ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\aivyvp0o.default\prefs.js ]

Zeile gefunden : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={D852E4BD-1ECE-11E2-B4D6-001C25321542}");
Zeile gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gefunden : user_pref("extensions.incredibar_i.did", "10665");
Zeile gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar_i.id", "742db8f4000000000000001b2f32e49f");
Zeile gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.instlDay", "15526");
Zeile gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gefunden : user_pref("extensions.incredibar_i.newTab", false);
Zeile gefunden : user_pref("extensions.incredibar_i.ppd", "");
Zeile gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCyhpUlC&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2", "6PQCyhpUlC");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2n", "92543178436774820");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:00:14");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={D852E4BD-1ECE-11E2-B4D6-001C25321542}&src=2&crg=3.1010000.10011&q=");
Zeile gefunden : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Zeile gefunden : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Zeile gefunden : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");
Zeile gefunden : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gefunden : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Zeile gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gefunden : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Zeile gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gefunden : user_pref("sweetim.toolbar.newtab.created", "true");
Zeile gefunden : user_pref("sweetim.toolbar.newtab.enable", "true");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCyhpUlC&loc=FF_NT");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mystart.incredibar.com/mb165?a=6PQCyhpUlC&i=26");
Zeile gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gefunden : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.callback", "");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.enable", "false");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Zeile gefunden : user_pref("sweetim.toolbar.simapp_id", "{D852E4BD-1ECE-11E2-B4D6-001C25321542}");
Zeile gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011");
Zeile gefunden : user_pref("sweetim.toolbar.version", "1.7.0.3");

[ Datei : C:\Users\David_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16601 octets] - [16/04/2014 21:17:41]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [16662 octets] ##########
         
--- --- ---

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by David on 16.04.2014 at 21:20:50,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4199886456-4071215553-3698710090-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4199886456-4071215553-3698710090-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4199886456-4071215553-3698710090-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\firstrowsportapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\firstrowsportapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\new_correct_incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\new_correct_incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_coreavc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_easy-video-downloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\opencandy"
Failed to delete: [Folder] "\software"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\firstrowsportapp.com"
Successfully deleted: [Folder] "C:\Users\David\AppData\Roaming\microsoft\windows\start menu\programs\firstrowsportapp.com"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 21:35:58,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

17.04.2014, 14:50   #8
schrauber
/// the machine
/// TB Trainer



Quote:
so I ran everything, but JRT DELETED ALL MY PROGRAMS!!!!!!!!!!!! what the hell is that about oO
everything that was in my software folder is gone!

I'd call that a rumor for now. If you look at the JRT log, there's nothing about that in it at all.

You either only ran a scan with AdwCleaner or posted the wrong log.

Please open FRST, tick the box next to Addition, let it scan, and post both logs.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.04.2014, 15:57   #9
bl4cky



"Failed to delete: [Folder] "\software" " is in the JRT log, and it couldn't delete the whole folder because there was still something write-protected in it.. the rest is gone, though... or at least moved somewhere or whatever. When I opened the folder there was nothing left in it, and none of the program shortcuts worked anymore.

Yes, I only ran a scan with AdwCleaner and didn't delete anything, because it showed me NO findings and there was nothing to delete.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by *****_2 (ATTENTION: The logged in user is not administrator) on DAVESHAVE on 17-04-2014 15:53:00
Running from C:\Users\*****_2\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Software\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Mozilla Corporation) C:\Software\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer [503808 2010-08-06] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer [31232 2010-08-06] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer [1966080 2010-08-18] (DivX, Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [86016 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [63488 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [319488 2010-08-19] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1085440 2010-08-19] ()
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [Steam] => "C:\Software\Steam\steam.exe" -silent
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [AnyDVD] => C:\Software\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.)
HKU\S-1-5-21-4199886456-4071215553-3698710090-1003\...\Run: [Akamai NetSession Interface] => "C:\Users\*****_2\AppData\Local\Akamai\netsession_win.exe"
Startup: C:\Users\*****_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEAB7F67A320DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{46311A8E-493C-41C3-8C14-3C01BC5EFF93}: [NameServer]192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default
FF user.js: detected! => C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\user.js
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: YouTube Unblocker - C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\youtubeunblocker@unblocker.yt [2014-03-14]
FF Extension: DownloadHelper - C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: AntiGameOrigin - C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\antigameorigin@antigame.de.xpi [2014-01-23]
FF Extension: Show Quit Warning - C:\Users\*****_2\AppData\Roaming\Mozilla\Firefox\Profiles\sqijtagj.default\Extensions\gremek@connectpc.pl.xpi [2012-11-08]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-24]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-05-27]
FF StartMenuInternet: FIREFOX.EXE - C:\Software\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Software\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Software\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Software\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Extension: (Google Drive) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-04]
CHR Extension: (YouTube) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-04]
CHR Extension: (Image Downloader) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2013-01-04]
CHR Extension: (Google-Suche) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-04]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-04]
CHR Extension: (Cr!Box) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2013-04-21]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-05-29]
CHR Extension: (Content Blocker) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-28]
CHR Extension: (Virtual Keyboard) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-04]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-04]
CHR Extension: (FVD Downloader) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-01-04]
CHR Extension: (Google Wallet) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Google Mail) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-04]
CHR Extension: (Anti-Banner) - C:\Users\*****_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-04]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2013-01-04]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-03-24]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
S4 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [722616 2011-08-25] (iolo technologies, LLC)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-08-17] ()
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-03-02] ()
S4 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R1 46094261; C:\Windows\System32\DRIVERS\46094261.sys [157712 2009-09-25] (Kaspersky Lab)
R0 46094262; C:\Windows\System32\DRIVERS\46094262.sys [40464 2009-10-22] (Kaspersky Lab)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-27] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-02] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [105608 2012-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [181896 2012-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2011-09-03] (Sony Ericsson Mobile Communications)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-20] (Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-20] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 15:52 - 2014-04-17 15:52 - 00000000 ____D () C:\Users\*****_2\Downloads\FRST-OlderVersion
2014-04-16 23:32 - 2014-04-16 23:32 - 00000000 ____D () C:\Users\*****\.smplayer
2014-04-16 21:48 - 2014-04-16 21:48 - 00229376 _____ () C:\Users\*****_2\Downloads\bungssammlung_Fsse_deutsch.pdf.part
2014-04-16 21:36 - 2014-04-16 21:36 - 00007414 _____ () C:\Users\*****_2\Desktop\JRT.txt
2014-04-16 21:35 - 2014-04-16 21:35 - 00007414 _____ () C:\Users\*****\Desktop\JRT.txt
2014-04-16 21:20 - 2014-04-16 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 21:19 - 2014-04-16 21:19 - 00016789 _____ () C:\Users\*****\Desktop\AdwCleaner[R0].txt
2014-04-16 21:17 - 2014-04-16 21:19 - 00000000 ____D () C:\AdwCleaner
2014-04-16 21:17 - 2014-04-16 21:18 - 00016789 _____ () C:\Users\*****_2\Desktop\AdwCleaner[R0].txt
2014-04-16 21:15 - 2014-04-16 21:15 - 00003145 _____ () C:\Users\*****_2\Desktop\mbam.txt
2014-04-16 13:50 - 2014-04-16 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:48 - 2014-04-16 13:48 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 13:48 - 2014-04-16 13:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 13:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 13:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 13:48 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 13:47 - 2014-04-16 13:47 - 01070840 _____ (Solid State Networks) C:\Users\*****_2\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-15 15:34 - 2014-04-15 15:35 - 01016261 _____ (Thisisu) C:\Users\*****_2\Downloads\JRT.exe
2014-04-15 15:34 - 2014-04-15 15:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:34 - 2014-04-15 15:34 - 01426178 _____ () C:\Users\*****_2\Downloads\adwcleaner.exe
2014-04-14 15:32 - 2014-04-14 15:32 - 00002255 _____ () C:\Users\*****\Desktop\Google Chrome.lnk
2014-04-14 15:31 - 2014-04-14 15:31 - 00020055 _____ () C:\ComboFix.txt
2014-04-13 23:44 - 2014-04-14 15:32 - 00000000 ____D () C:\Qoobox
2014-04-13 23:42 - 2014-04-13 23:42 - 05194807 ____R (Swearware) C:\Users\*****_2\Downloads\ComboFix.exe
2014-04-11 15:21 - 2014-03-08 06:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 15:21 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 15:21 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 15:21 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 15:21 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 15:21 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 15:21 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-11 15:21 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 15:21 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 15:21 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 15:21 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 15:21 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 15:21 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 15:21 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-11 15:21 - 2014-03-08 05:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 15:21 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 15:21 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 15:21 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 15:21 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 15:21 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 15:21 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-11 15:21 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 15:21 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-11 15:21 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 15:21 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-11 15:21 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-11 15:21 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-11 15:21 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 15:21 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 15:21 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 15:21 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-11 15:21 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-11 15:19 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 15:19 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 15:19 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 15:19 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 15:19 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 15:19 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-11 15:18 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 15:18 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 15:18 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 15:18 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 15:18 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 15:18 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 15:18 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 15:18 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 15:18 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 15:18 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 15:18 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 22:23 - 2014-04-10 22:23 - 01678496 _____ (Skype Technologies S.A.) C:\Users\*****_2\Downloads\SkypeSetup.exe
2014-04-10 15:54 - 2014-04-10 15:56 - 00046212 _____ () C:\Users\*****_2\Downloads\Addition.txt
2014-04-10 15:52 - 2014-04-17 15:53 - 00028528 _____ () C:\Users\*****_2\Downloads\FRST.txt
2014-04-10 15:52 - 2014-04-17 15:53 - 00000000 ____D () C:\FRST
2014-04-10 15:51 - 2014-04-17 15:52 - 02158592 _____ (Farbar) C:\Users\*****_2\Downloads\FRST64.exe
2014-04-02 02:02 - 2014-04-02 02:02 - 00000000 ____D () C:\Users\*****_2\AppData\Local\Skype
2014-04-02 02:01 - 2014-04-02 02:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-02 02:01 - 2014-04-02 02:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-01 16:39 - 2014-04-01 16:39 - 13835269 _____ () C:\Users\*****_2\Desktop\Elizabeth Mitchell - You Are My Sunshine.mp4
2014-03-31 20:39 - 2014-03-31 20:40 - 00000000 ____D () C:\Users\*****_2\Desktop\kusnt2
2014-03-31 01:08 - 2014-03-31 01:09 - 10505239 _____ () C:\Users\*****_2\Desktop\Bobby _Blue_ Bland - Ain_t No Love In The Heart Of The City.flv
2014-03-28 14:35 - 2014-04-05 14:47 - 01597772 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-26 01:29 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 01:29 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-26 01:29 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-26 01:29 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-26 01:28 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 01:28 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-26 01:28 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-26 01:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-26 01:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-26 01:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-26 01:28 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-26 01:28 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-26 01:28 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-26 01:28 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-26 01:28 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-26 01:28 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-26 01:28 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-26 01:28 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-26 01:28 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-26 01:28 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-26 01:28 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-26 01:28 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-26 01:28 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-26 01:28 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-26 01:28 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-26 01:28 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-26 01:28 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-26 01:25 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 01:25 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-17 15:53 - 2014-04-10 15:52 - 00028528 _____ () C:\Users\*****_2\Downloads\FRST.txt
2014-04-17 15:53 - 2014-04-10 15:52 - 00000000 ____D () C:\FRST
2014-04-17 15:52 - 2014-04-17 15:52 - 00000000 ____D () C:\Users\*****_2\Downloads\FRST-OlderVersion
2014-04-17 15:52 - 2014-04-10 15:51 - 02158592 _____ (Farbar) C:\Users\*****_2\Downloads\FRST64.exe
2014-04-17 15:39 - 2010-03-20 14:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-17 15:26 - 2013-01-04 17:45 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 13:23 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 13:23 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 13:19 - 2013-11-25 22:45 - 01883529 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 00:43 - 2013-09-23 02:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 00:43 - 2013-08-24 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 00:43 - 2010-04-24 16:13 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-04-16 23:38 - 2010-03-17 21:40 - 00000000 ____D () C:\Users\*****
2014-04-16 23:32 - 2014-04-16 23:32 - 00000000 ____D () C:\Users\*****\.smplayer
2014-04-16 23:26 - 2013-01-04 17:45 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 22:46 - 2009-03-28 12:04 - 00000000 ____D () C:\Software
2014-04-16 21:48 - 2014-04-16 21:48 - 00229376 _____ () C:\Users\*****_2\Downloads\bungssammlung_Fsse_deutsch.pdf.part
2014-04-16 21:37 - 2013-03-16 16:02 - 00000000 ____D () C:\Users\*****_2\Desktop\chemie
2014-04-16 21:36 - 2014-04-16 21:36 - 00007414 _____ () C:\Users\*****_2\Desktop\JRT.txt
2014-04-16 21:36 - 2010-03-31 19:50 - 00000000 ____D () C:\Users\*****_2\Tracing
2014-04-16 21:35 - 2014-04-16 21:35 - 00007414 _____ () C:\Users\*****\Desktop\JRT.txt
2014-04-16 21:20 - 2014-04-16 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 21:19 - 2014-04-16 21:19 - 00016789 _____ () C:\Users\*****\Desktop\AdwCleaner[R0].txt
2014-04-16 21:19 - 2014-04-16 21:17 - 00000000 ____D () C:\AdwCleaner
2014-04-16 21:18 - 2014-04-16 21:17 - 00016789 _____ () C:\Users\*****_2\Desktop\AdwCleaner[R0].txt
2014-04-16 21:15 - 2014-04-16 21:15 - 00003145 _____ () C:\Users\*****_2\Desktop\mbam.txt
2014-04-16 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 21:09 - 2013-11-25 22:43 - 00009016 _____ () C:\Windows\setupact.log
2014-04-16 13:50 - 2014-04-16 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:48 - 2014-04-16 13:48 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 13:48 - 2014-04-16 13:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 13:48 - 2012-07-04 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 13:47 - 2014-04-16 13:47 - 01070840 _____ (Solid State Networks) C:\Users\*****_2\Downloads\install_flashplayer13x32au_mssa_aaa_aih.exe
2014-04-15 15:35 - 2014-04-15 15:34 - 01016261 _____ (Thisisu) C:\Users\*****_2\Downloads\JRT.exe
2014-04-15 15:34 - 2014-04-15 15:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\*****_2\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:34 - 2014-04-15 15:34 - 01426178 _____ () C:\Users\*****_2\Downloads\adwcleaner.exe
2014-04-15 14:56 - 2012-05-23 16:17 - 00129328 _____ () C:\Windows\PFRO.log
2014-04-14 16:26 - 2010-05-03 17:46 - 00000000 ____D () C:\Users\*****_2\AppData\Roaming\Skype
2014-04-14 15:44 - 2010-03-17 23:21 - 00000000 ____D () C:\Users\*****\AppData\Local\Mozilla
2014-04-14 15:32 - 2014-04-14 15:32 - 00002255 _____ () C:\Users\*****\Desktop\Google Chrome.lnk
2014-04-14 15:32 - 2014-04-13 23:44 - 00000000 ____D () C:\Qoobox
2014-04-14 15:32 - 2010-03-26 20:36 - 00000000 ___RD () C:\Users\*****\Virtual Machines
2014-04-14 15:32 - 2010-03-17 21:40 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 15:32 - 2010-03-17 21:40 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-14 15:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-14 15:31 - 2014-04-14 15:31 - 00020055 _____ () C:\ComboFix.txt
2014-04-14 15:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-14 15:15 - 2013-11-12 18:49 - 00000000 ____D () C:\Users\*****_2\Downloads\Isthor-721
2014-04-13 23:57 - 2012-04-07 18:05 - 00000000 ____D () C:\Windows\ERDNT
2014-04-13 23:42 - 2014-04-13 23:42 - 05194807 ____R (Swearware) C:\Users\*****_2\Downloads\ComboFix.exe
2014-04-13 15:50 - 2009-07-14 19:58 - 00701326 _____ () C:\Windows\system32\perfh007.dat
2014-04-13 15:50 - 2009-07-14 19:58 - 00150226 _____ () C:\Windows\system32\perfc007.dat
2014-04-13 15:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 15:30 - 2010-04-20 23:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 15:28 - 2013-07-18 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 15:24 - 2010-03-20 14:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 22:25 - 2010-05-03 17:46 - 00000000 ____D () C:\ProgramData\Skype
2014-04-10 22:23 - 2014-04-10 22:23 - 01678496 _____ (Skype Technologies S.A.) C:\Users\*****_2\Downloads\SkypeSetup.exe
2014-04-10 15:56 - 2014-04-10 15:54 - 00046212 _____ () C:\Users\*****_2\Downloads\Addition.txt
2014-04-05 14:47 - 2014-03-28 14:35 - 01597772 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-16 13:48 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 13:48 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 13:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 13:11 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-04-02 13:11 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-02 02:02 - 2014-04-02 02:02 - 00000000 ____D () C:\Users\*****_2\AppData\Local\Skype
2014-04-02 02:01 - 2014-04-02 02:01 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-02 02:01 - 2014-04-02 02:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-01 16:39 - 2014-04-01 16:39 - 13835269 _____ () C:\Users\*****_2\Desktop\Elizabeth Mitchell - You Are My Sunshine.mp4
2014-03-31 20:40 - 2014-03-31 20:39 - 00000000 ____D () C:\Users\*****_2\Desktop\kusnt2
2014-03-31 09:35 - 2010-03-19 20:49 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 01:09 - 2014-03-31 01:08 - 10505239 _____ () C:\Users\*****_2\Desktop\Bobby _Blue_ Bland - Ain_t No Love In The Heart Of The City.flv
2014-03-26 02:02 - 2009-07-14 06:45 - 05015448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-26 02:01 - 2013-03-14 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-26 02:01 - 2013-03-14 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-25 00:40 - 2014-02-25 18:19 - 00000000 ____D () C:\Users\*****_2\Desktop\Neuer Ordner (2)
2014-03-20 18:50 - 2014-03-06 18:53 - 00000000 ____D () C:\Users\*****_2\AppData\Local\dxhr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by ******_2 at 2014-04-17 15:54:36
Running from C:\Users\******_2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.4 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{BBB7F293-12A9-821C-9409-013CD8E824EC}) (Version: 2.0.3904.33816 - Ihr Firmenname)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{70DFF8B2-44A3-2C2C-FB21-783E8291265F}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Beyond Compare Version 2.5.2 (HKLM-x32\...\BC2_is1) (Version:  - Scooter Software)
BlackArmor Backup (HKLM-x32\...\{9DF6EC22-733E-4EDC-AC88-54CAD4BF4E7B}) (Version: 12.1.9799 - Seagate)
BlackArmor Discovery (HKLM-x32\...\InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}) (Version: 1.20.0931.004 - Seagate)
BlackArmor Discovery (x32 Version: 1.20.0931.004 - Seagate) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help French (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help German (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CoreAVC Pro 1.8.5.0 (HKLM-x32\...\coreavc_is1) (Version: 1.8.5.0 - )
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3418 - CyberLink Corp.) Hidden
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3530.52 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC53C6A4-1CC4-48A5-91F3-565BB7978B22}) (Version:  - Microsoft)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.0.4.2 - DivX, Inc. )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EE-ZDE (HKLM-x32\...\{B49C924C-A651-4378-94F6-5D9BF44A959F}) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
FIFA 12 (HKLM-x32\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts)
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gothic II (HKLM-x32\...\Gothic II) (Version:  - JoWooD Productions Software AG)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 10.5.4 - iolo technologies, LLC)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java-Editor 9.14h (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Gaming Software (HKLM-x32\...\{B9242864-2841-4ADE-86E0-8F90F91B04DD}) (Version: 4.40 - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Media Player Classic - Home Cinema 1.6.1.4235 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.1.4235 - MPC-HC Team)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 17.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0 (x86 de)) (Version: 17.0 - Mozilla)
Mozilla Firefox 28.0 (x86 de) (HKCU\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Thunderbird (3.0.11) (HKCU\...\Mozilla Thunderbird (3.0.11)) (Version: 3.0.11 (de) - Mozilla)
Mozilla Thunderbird (3.0.3) (HKLM-x32\...\Mozilla Thunderbird (3.0.3)) (Version: 3.0.3 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1  - NETGEAR Inc.)
NETGEAR USB Control Center   (HKLM-x32\...\{CE79625A-8E53-41F6-8EC1-FCADAD0F130F}) (Version: 1.27 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.1.15 - Electronic Arts, Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.0 (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson PC Companion 2.01.217 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.01.217 - Sony Ericsson)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
Two Worlds II (HKLM-x32\...\Two Worlds II) (Version: 1.3.2.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8E076AE6-4E29-4056-A13F-70CC8F433FB5}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinEdt 6 (HKLM-x32\...\WinEdt 6_is1) (Version:  - WinEdt Team)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Youtube Downloader HD v. 2.9.4 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-13 23:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Brother XP spl Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NETGEARGenieDaemon => 2
MSCONFIG\Services: OMSI download service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SgtSch2Svc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk => C:\Windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AnyDVD => "C:\Software\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BlackArmorBackupMonitor.exe => C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Software\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Software\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: InstantBurn => C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NETGEAR USB Control Center => C:\Software\NETGEAR\USB Control Center\Control Center.exe -mini
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => C:\Software\CyberLink\PowerDVD\PDVDServ.exe
MSCONFIG\startupreg: RemoteControl10 => C:\Software\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Software\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartWMDriverWiz => C:\Windows\system32\rundll32.exe C:\PROGRA~2\COMMON~1\Logitech\WmDrivers\wmwizard.dll,WMWizardMain
MSCONFIG\startupreg: Steam => "C:\Software\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Software\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BlackArmor NAS 1D
Description: BlackArmor NAS 1D
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 11:31:15 PM) (Source: MsiInstaller) (User: Daveshave)
Description: Product: Greenfoot -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (04/16/2014 11:30:51 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm plugin-container.exe wurde wegen dieses Fehlers geschlossen.

Programm: plugin-container.exe
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000026E
Datenträgertyp: 0

Error: (04/16/2014 11:30:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 0.0.0.0, Zeitstempel: 0x53240e5d
Name des fehlerhaften Moduls: xul.dll, Version: 0.0.0.0, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000006
Fehleroffset: 0x003e1163
ID des fehlerhaften Prozesses: 0xabc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (04/16/2014 11:30:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 0.0.0.0, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 0.0.0.0, Zeitstempel: 0x53240e04
Ausnahmecode: 0x4000001f
Fehleroffset: 0x008ae8da
ID des fehlerhaften Prozesses: 0x15a4
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (04/17/2014 00:09:16 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/16/2014 10:48:43 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (04/16/2014 11:31:15 PM) (Source: MsiInstaller)(User: Daveshave)
Description: Product: Greenfoot -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/16/2014 11:30:51 PM) (Source: Application Error)(User: )
Description: plugin-container.exeC000026E0

Error: (04/16/2014 11:30:51 PM) (Source: Application Error)(User: )
Description: plugin-container.exe0.0.0.053240e5dxul.dll0.0.0.053240e04c0000006003e1163abc01cf59b14df55452\\localhost\C$\@GMT-2014.04.13-21.45.32\Software\Mozilla Firefox\plugin-container.exe\\localhost\C$\@GMT-2014.04.13-21.45.32\Software\Mozilla Firefox\xul.dll61bc3fb4-c5ae-11e3-ae8b-001c25321542

Error: (04/16/2014 11:30:27 PM) (Source: Application Error)(User: )
Description: firefox.exe0.0.0.053240e37xul.dll0.0.0.053240e044000001f008ae8da15a401cf59b13b5301a9\\localhost\C$\@GMT-2014.04.13-21.45.32\Software\Mozilla Firefox\firefox.exe\\localhost\C$\@GMT-2014.04.13-21.45.32\Software\Mozilla Firefox\xul.dll5325cdf3-c5ae-11e3-ae8b-001c25321542


CodeIntegrity Errors:
===================================
  Date: 2014-04-16 15:08:14.660
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.660
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.655
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.560
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.555
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.550
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.535
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.530
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-16 15:08:14.525
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 00:58:43.608
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3071.49 MB
Available physical RAM: 1347.63 MB
Total Pagefile: 6141.16 MB
Available Pagefile: 3531 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (DATA) (Fixed) (Total:228.82 GB) (Free:125.52 GB) NTFS
Drive d: (ACER) (Fixed) (Total:229.13 GB) (Free:51.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive p: (ANTIBOT) (CDROM) (Total:0.89 GB) (Free:0 GB) CDFS
Drive z: (Public) (Network) (Total:1831.15 GB) (Free:124.23 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
--- --- ---

Alt 18.04.2014, 17:09   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Let me repeat myself:

Our tools always need admin rights
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 19.04.2014, 04:07   #11
bl4cky
 

I read that and accordingly opened it with "Run as administrator"

Alt 19.04.2014, 13:42   #12
schrauber
/// the machine
/// TB-Ausbilder
 


Quote:
Ran by *****_2 (ATTENTION: The logged in user is not administrator) on DAVESHAVE on 17-04-2014 15:53:00
OK, let me be more precise: from the admin account