Trojaner-Board - GVU Trojaner Windows7

Hier das Log

Code:

ComboFix 14-02-05.02 - M.Schleusing 08.02.2014  14:09:02.1.2 - x64

ausgeführt von:: c:\users\M.Schleusing\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

C:\prefs.js

c:\program files (x86)\Common Files\Acer GameZone online.ico

c:\program files (x86)\facemoods.com

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

c:\program files (x86)\facemoods.com\sqlite3.dll

c:\programdata\17i3hx.zvv

c:\users\M.Schleusing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels

c:\users\M.Schleusing\AppData\Roaming\.#

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-01-08 bis 2014-02-08  ))))))))))))))))))))))))))))))

.

.

2014-02-08 19:42 . 2014-02-08 21:29        --------        d-----w-        C:\FRST

2014-02-08 13:23 . 2014-02-08 13:23        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-02-01 12:48 . 2014-02-01 12:49        --------        d-----w-        c:\program files (x86)\Cultures

2014-01-14 19:04 . 2014-01-14 19:04        --------        d-----w-        c:\users\M.Schleusing\AppData\Roaming\FoxTab

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-05 17:41 . 2013-03-01 13:45        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-05 17:41 . 2011-05-17 13:40        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-15 20:50 . 2012-08-13 12:01        86054176        ----a-w-        c:\windows\system32\MRT.exe

2014-01-06 19:23 . 2014-01-06 19:23        4558848        ----a-w-        c:\windows\SysWow64\GPhotos.scr

2014-01-03 13:01 . 2014-01-03 13:02        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2014-01-03 13:01 . 2014-01-03 13:01        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-03 13:01 . 2011-08-24 14:40        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-12-18 18:55 . 2013-08-06 07:51        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-12-18 18:55 . 2013-08-06 07:36        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-12-18 18:55 . 2013-08-06 07:36        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-12-20 74704]

.

[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]

[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]

2013-12-20 19:17        12240        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]

.

[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]

@="{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}"

[HKEY_CLASSES_ROOT\CLSID\{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}]

2012-04-09 14:27        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-04-09 14:27        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-19 98304]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]

"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]

R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]

R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys;c:\windows\SYSNATIVE\DRIVERS\ewsercd.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]

R3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys;c:\windows\SYSNATIVE\DRIVERS\SipIMNDI64.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 17:41]

.

2014-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job

- c:\users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:10]

.

2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job

- c:\users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:10]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]

2013-12-20 19:17        13776        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]

.

[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]

@="{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}"

[HKEY_CLASSES_ROOT\CLSID\{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}]

2012-04-09 14:27        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-04-09 14:27        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=395049983_1052514_7CD22FDF&ts=1380313102

mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=395049983_1052514_7CD22FDF&ts=1380313102

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{43AF8AD8-8451-43AC-82C2-12BF479B49C2}: NameServer = 212.23.115.148 212.23.115.132

TCP: Interfaces\{4DB558CD-8FE3-4960-9244-5BCFFD5F89DE}: NameServer = 212.23.115.148 212.23.115.132

TCP: Interfaces\{54126AAF-3ECA-4062-8DFA-CBB371FA71A5}: NameServer = 212.23.115.148 212.23.97.2

TCP: Interfaces\{7489ABAC-82E0-4061-90D1-83615B41A690}: NameServer = 212.23.115.148 212.23.115.132

TCP: Interfaces\{A3E241D2-280E-4239-85E4-FB70AC001AD3}: NameServer = 212.23.115.148 212.23.115.132

TCP: Interfaces\{CE80EEA8-5776-416C-BC8F-D6286D5E47B9}: NameServer = 212.23.115.150 212.23.115.132

TCP: Interfaces\{DA000208-B9E1-45CC-A63C-54F2214F1BB3}: NameServer = 212.23.115.148 212.23.115.132

TCP: Interfaces\{FEA10D0C-9F03-4FD7-B774-E10F50C7063C}: NameServer = 212.23.115.150 212.23.115.132

FF - ProfilePath - c:\users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - ExtSQL: !HIDDEN! 2010-12-08 17:13; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)

URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

Toolbar-Locked - (no file)

Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe

AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

AddRemove-Floyd - c:\windows\IsUn0407.exe

AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1 - d:\gothic 4\ArcaniA - Gothic 4\unins000.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1377681411-3994106491-3036228621-1000\Software\SecuROM\License information*]

"datasecu"=hex:4b,76,c9,e8,ca,14,34,1e,9e,3c,d7,fc,94,86,09,02,f8,ae,01,12,3d,

   14,b5,d1,18,3c,43,c2,09,ca,ae,9b,02,ba,21,19,4b,77,2d,9f,3c,a6,4e,fa,31,01,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-02-08  14:41:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-02-08 13:41

.

Vor Suchlauf: 17 Verzeichnis(se), 199.318.941.696 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 205.959.503.872 Bytes frei

.

- - End Of File - - 15FBBAEBBE3908319819819C3439421C

70E629B51C16B3C007730C6AE57144C9

Das adwCleaner Log:

Code:

# AdwCleaner v3.018 - Bericht erstellt am 08/02/2014 um 14:59:38

# Updated 28/01/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium  (64 bits)

# Benutzername : M.Schleusing - MSCHLEUSING-PC

# Gestartet von : C:\Users\M.Schleusing\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals

Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\BonanzaDealsLive

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\LocalLow\facemoods.com

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Funmoods

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\loadtbs

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\OpenCandy

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\pdfforge

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif

[!] Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml

Datei Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\user.js

Datei Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js

Datei Gelöscht : C:\Windows\System32\Tasks\Funmoods
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk

Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\facemoods.com

Schlüssel Gelöscht : HKCU\Software\Funmoods

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar

Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\facemoods.com

Schlüssel Gelöscht : HKLM\Software\qvo6Software

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16476
 

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
 

[ Datei : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js ]
 
 

-\\ Google Chrome v
 

[ Datei : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [17010 octets] - [08/02/2014 14:58:04]

AdwCleaner[S0].txt - [14566 octets] - [08/02/2014 14:59:38]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14627 octets] ##########

Das JRT Log:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 7 Home Premium x64

Ran by M.Schleusing on 08.02.2014 at 15:02:53,39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\Users\M.Schleusing\appdata\local\cre"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\M.Schleusing\AppData\Roaming\mozilla\firefox\profiles\124vuhh6.default\minidumps [131 files]
 
 
 

~~~ Chrome
 

Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.02.2014 at 15:09:45,35

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Das FRST Log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014

Ran by M.Schleusing (administrator) on MSCHLEUSING-PC on 08-02-2014 15:10:35

Running from C:\Users\M.Schleusing\Desktop

Windows 7 Home Premium (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()

HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-19] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKU\S-1-5-21-1377681411-3994106491-3036228621-1000\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE402

BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{43AF8AD8-8451-43AC-82C2-12BF479B49C2}: [NameServer]212.23.115.148 212.23.115.132

Tcpip\..\Interfaces\{4DB558CD-8FE3-4960-9244-5BCFFD5F89DE}: [NameServer]212.23.115.148 212.23.115.132

Tcpip\..\Interfaces\{54126AAF-3ECA-4062-8DFA-CBB371FA71A5}: [NameServer]212.23.115.148 212.23.97.2

Tcpip\..\Interfaces\{7489ABAC-82E0-4061-90D1-83615B41A690}: [NameServer]212.23.115.148 212.23.115.132

Tcpip\..\Interfaces\{A3E241D2-280E-4239-85E4-FB70AC001AD3}: [NameServer]212.23.115.148 212.23.115.132

Tcpip\..\Interfaces\{CE80EEA8-5776-416C-BC8F-D6286D5E47B9}: [NameServer]212.23.115.150 212.23.115.132

Tcpip\..\Interfaces\{DA000208-B9E1-45CC-A63C-54F2214F1BB3}: [NameServer]212.23.115.148 212.23.115.132

Tcpip\..\Interfaces\{FEA10D0C-9F03-4FD7-B774-E10F50C7063C}: [NameServer]212.23.115.150 212.23.115.132
 

FireFox:

========

FF ProfilePath: C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\M.Schleusing\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\M.Schleusing\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Adblock Edge - C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-09]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-08]

FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-02-11]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-11]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-08]
 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]

CHR Extension: (Google Drive) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]

CHR Extension: (YouTube) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]

CHR Extension: (Google-Suche) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]

CHR Extension: (Google Wallet) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

CHR Extension: (Google Mail) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\M.Schleusing\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2011-12-16]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2011-12-16]

CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\M.Schleusing\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2011-12-16]

CHR StartMenuInternet: Google Chrome - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\Application\chrome.exe
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()

R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-12-13] (Robert McNeel & Associates)

S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
 

==================== Drivers (Whitelisted) ====================
 

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-14] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-14] (DT Soft Ltd)

S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [112896 2011-05-17] (Huawei Technologies Co., Ltd.)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-14] ()

S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)

S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)

S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)

S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)

S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)

S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)

S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)

S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)

S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-08 20:42 - 2014-02-08 15:10 - 00000000 ____D () C:\FRST

2014-02-08 15:10 - 2014-02-08 15:11 - 00019150 _____ () C:\Users\M.Schleusing\Desktop\FRST.txt

2014-02-08 15:10 - 2014-02-08 11:38 - 02079744 _____ (Farbar) C:\Users\M.Schleusing\Desktop\FRST64.exe

2014-02-08 15:09 - 2014-02-08 15:09 - 00001913 _____ () C:\Users\M.Schleusing\Desktop\JRT.txt

2014-02-08 15:02 - 2014-02-08 15:02 - 00000000 ____D () C:\Windows\ERUNT

2014-02-08 14:57 - 2014-02-08 15:00 - 00000000 ____D () C:\AdwCleaner

2014-02-08 14:57 - 2014-02-08 14:55 - 01166132 _____ () C:\Users\M.Schleusing\Desktop\adwcleaner.exe

2014-02-08 14:57 - 2014-02-08 14:55 - 01037530 _____ (Thisisu) C:\Users\M.Schleusing\Desktop\JRT.exe

2014-02-08 14:42 - 2014-02-08 14:42 - 00024910 _____ () C:\ComboFix.txt

2014-02-08 14:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-02-08 14:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-02-08 14:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-02-08 14:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-02-08 14:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-02-08 14:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-02-08 14:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-02-08 14:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-02-08 14:01 - 2014-02-08 14:42 - 00000000 ____D () C:\Qoobox

2014-02-08 14:01 - 2014-02-08 14:37 - 00000000 ____D () C:\Windows\erdnt

2014-02-08 13:57 - 2014-02-08 13:55 - 05180173 ____R (Swearware) C:\Users\M.Schleusing\Desktop\ComboFix.exe

2014-02-07 15:50 - 2014-02-07 17:07 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe

2014-02-04 20:16 - 2014-02-05 19:46 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt

2014-02-01 13:48 - 2014-02-01 13:49 - 00000000 ____D () C:\Program Files (x86)\Cultures

2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}

2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}

2014-02-01 13:34 - 2014-02-01 13:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}

2014-02-01 13:33 - 2014-02-01 13:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}

2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}

2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}

2014-01-29 21:21 - 2014-01-29 21:34 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-01-25 13:20 - 2014-01-25 13:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp

2014-01-23 19:09 - 2014-01-23 19:09 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

2014-01-23 18:01 - 2014-01-29 17:56 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang

2014-01-23 15:28 - 2014-01-23 15:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp

2014-01-21 21:47 - 2014-01-25 13:20 - 626339174 _____ () C:\Windows\MEMORY.DMP

2014-01-21 21:47 - 2014-01-21 21:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp

2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab

2014-01-11 19:23 - 2014-01-11 19:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
 

==================== One Month Modified Files and Folders =======
 

2014-02-08 22:29 - 2010-09-08 16:56 - 00000000 ___RD () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-08 15:11 - 2014-02-08 15:10 - 00019150 _____ () C:\Users\M.Schleusing\Desktop\FRST.txt

2014-02-08 15:10 - 2014-02-08 20:42 - 00000000 ____D () C:\FRST

2014-02-08 15:09 - 2014-02-08 15:09 - 00001913 _____ () C:\Users\M.Schleusing\Desktop\JRT.txt

2014-02-08 15:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-08 15:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-08 15:08 - 2011-09-18 19:07 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job

2014-02-08 15:05 - 2006-10-10 12:13 - 01257528 _____ () C:\Windows\WindowsUpdate.log

2014-02-08 15:02 - 2014-02-08 15:02 - 00000000 ____D () C:\Windows\ERUNT

2014-02-08 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-08 15:01 - 2009-07-14 05:51 - 00205964 _____ () C:\Windows\setupact.log

2014-02-08 15:00 - 2014-02-08 14:57 - 00000000 ____D () C:\AdwCleaner

2014-02-08 14:59 - 2011-09-18 19:13 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-02-08 14:59 - 2010-09-08 16:56 - 00001148 _____ () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-08 14:59 - 2010-09-08 16:56 - 00001001 _____ () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2014-02-08 14:55 - 2014-02-08 14:57 - 01166132 _____ () C:\Users\M.Schleusing\Desktop\adwcleaner.exe

2014-02-08 14:55 - 2014-02-08 14:57 - 01037530 _____ (Thisisu) C:\Users\M.Schleusing\Desktop\JRT.exe

2014-02-08 14:42 - 2014-02-08 14:42 - 00024910 _____ () C:\ComboFix.txt

2014-02-08 14:42 - 2014-02-08 14:01 - 00000000 ____D () C:\Qoobox

2014-02-08 14:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-02-08 14:41 - 2013-03-01 14:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-08 14:37 - 2014-02-08 14:01 - 00000000 ____D () C:\Windows\erdnt

2014-02-08 14:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-02-08 14:24 - 2009-10-17 02:50 - 01553352 _____ () C:\Windows\PFRO.log

2014-02-08 13:55 - 2014-02-08 13:57 - 05180173 ____R (Swearware) C:\Users\M.Schleusing\Desktop\ComboFix.exe

2014-02-08 11:38 - 2014-02-08 15:10 - 02079744 _____ (Farbar) C:\Users\M.Schleusing\Desktop\FRST64.exe

2014-02-07 17:49 - 2013-09-22 16:48 - 00000084 _____ () C:\Users\M.Schleusing\AppData\Roaming\WB.CFG

2014-02-07 17:10 - 2012-03-20 21:13 - 00000000 ____D () C:\Users\M.Schleusing\Graphisoft

2014-02-07 17:09 - 2013-02-18 19:10 - 00000000 ____D () C:\Users\M.Schleusing\Documents\BIMx

2014-02-07 17:07 - 2014-02-07 15:50 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe

2014-02-07 16:15 - 2011-08-22 09:46 - 00000000 ____D () C:\Users\M.Schleusing\Documents\für Studium

2014-02-07 16:08 - 2011-09-18 19:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job

2014-02-07 09:37 - 2009-07-14 06:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-07 09:37 - 2006-10-10 22:05 - 00696848 _____ () C:\Windows\system32\perfh007.dat

2014-02-07 09:37 - 2006-10-10 22:05 - 00148144 _____ () C:\Windows\system32\perfc007.dat

2014-02-05 21:11 - 2013-03-05 11:49 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-02-05 19:46 - 2014-02-04 20:16 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt

2014-02-05 18:41 - 2013-03-01 14:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 18:41 - 2013-03-01 14:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-05 18:41 - 2011-05-17 14:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-04 22:48 - 2013-09-26 12:22 - 00000220 _____ () C:\Users\M.Schleusing\Desktop\diablo fehler.txt

2014-02-02 20:21 - 2011-05-31 18:17 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\CrashDumps

2014-02-01 13:49 - 2014-02-01 13:48 - 00000000 ____D () C:\Program Files (x86)\Cultures

2014-02-01 13:48 - 2006-10-10 12:32 - 00633932 _____ () C:\Windows\DirectX.log

2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}

2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}

2014-02-01 13:34 - 2014-02-01 13:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}

2014-02-01 13:33 - 2014-02-01 13:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}

2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}

2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}

2014-02-01 11:46 - 2013-03-22 19:17 - 00418646 _____ () C:\Windows\DPINST.LOG

2014-01-29 21:34 - 2014-01-29 21:21 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-01-29 17:56 - 2014-01-23 18:01 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang

2014-01-29 11:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-25 13:20 - 2014-01-25 13:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp

2014-01-25 13:20 - 2014-01-21 21:47 - 626339174 _____ () C:\Windows\MEMORY.DMP

2014-01-25 13:20 - 2010-10-21 12:07 - 00000000 ____D () C:\Windows\Minidump

2014-01-23 19:09 - 2014-01-23 19:09 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

2014-01-23 19:04 - 2011-08-19 16:01 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\Paint.NET

2014-01-23 15:28 - 2014-01-23 15:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp

2014-01-21 21:47 - 2014-01-21 21:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp

2014-01-19 20:28 - 2013-01-01 22:25 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\vlc

2014-01-15 21:54 - 2013-07-21 21:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 21:54 - 2009-10-17 03:13 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-15 21:50 - 2012-08-13 13:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-15 11:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-15 11:35 - 2011-11-02 17:48 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\ABI

2014-01-15 10:22 - 2013-11-05 13:03 - 00001990 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

2014-01-15 10:22 - 2009-10-17 02:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab

2014-01-11 19:23 - 2014-01-11 19:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf

2014-01-09 16:59 - 2010-09-11 11:22 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Adobe
 

Some content of TEMP:

====================

C:\Users\M.Schleusing\AppData\Local\Temp\avgnt.exe

C:\Users\M.Schleusing\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-29 17:09
 

==================== End Of Log ============================

--- --- ---

Das Addition Log:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014

Ran by M.Schleusing at 2014-02-08 15:12:00

Running from C:\Users\M.Schleusing\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)

Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)

Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)

Acer ScreenSaver (x32 Version: 1.2.0812 - Acer Incorporated)

Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.6 - Adobe Systems)

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated)

Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 5.5 Master Collection (x32 Version: 5.5 - Adobe Systems Incorporated)

Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)

Adobe Reader 9.1 MUI (x32 Version: 9.1.0 - Adobe Systems Incorporated)

Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated)

Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden

Adobe Widget Browser (x32 Version: 2.0 Build 230 - Adobe Systems Incorporated.)

Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD DnD V1.0.19 (x32 Version: 1.0.19 - AMD) Hidden

Anno 1701 - Der Fluch des Drachen (x32 Version: 2.03 - Sunflowers)

Anno 1701 (x32 Version: 1.00 - Sunflowers)

Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.1.116 - Apple Inc.)

Arc (x32 Version: 1.0.0.5510 - Perfect World Entertainment)

ArcaniA - Gothic 4 Patch (x32 Version:  - JoWooD Entertainment AG)

ArchiCAD 16 GER (Version: 16.0 - GRAPHISOFT)

ArchiCAD 17 GER (Version: 17.0 - GRAPHISOFT)

ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden

Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)

Avira SearchFree Toolbar (x32 Version: 12.10.0.2948 - APN, LLC)

Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden

Black & White® 2 (x32 Version: 1.00.0000 - Lionhead Studios)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

C4700 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819 - ATI Technologies, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0320.2223.38347 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2009.1019.2131.36819 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Czech (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Danish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Dutch (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help English (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Finnish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help French (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help German (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Greek (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Italian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Japanese (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Korean (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Polish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Russian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Spanish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Swedish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Thai (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

CCC Help Turkish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden

ccc-core-static (x32 Version: 2009.1019.2131.36819 - Ihr Firmenname) Hidden

ccc-utility64 (Version: 2009.1019.2131.36819 - ATI) Hidden

Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Cossacks - Back To War (x32 Version:  - )

Cultures - Die Entdeckung Vinlands (x32 Version:  - )

DAEMON Tools Lite (x32 Version: 4.40.2.0131 - DT Soft Ltd)

Dawn of War - Dark Crusade (x32 Version: 1.00.0000 - THQ)

Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ)

Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden

Demigod (x32 Version:  - Stardock Entertainment, Inc.)

Demigod (x32 Version: 1.00 - Stardock Entertainment, Inc.) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden

Diablo III (x32 Version:  - Blizzard Entertainment)

Die Sims™ 3 (x32 Version: 1.29.55 - Electronic Arts)

Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96 - Electronic Arts)

Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87 - Electronic Arts)

Empire Earth Ultimate Edition (x32 Version: 1.0 - The Games Company)

Empire: Total War (x32 Version:  - The Creative Assembly)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden

Floyd - Es gibt noch Helden (x32 Version:  - )

From Dust (x32 Version: 1.00.003 - Ubisoft)

Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Hotkey Utility (x32 Version: 1.00.3004 - Acer Incorporated)

HP Customer Participation Program 13.0 (Version: 13.0 - HP)

HP Imaging Device Functions 13.0 (Version: 13.0 - HP)

HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0 - HP)

HP Print Projects 1.0 (Version: 1.0 - HP)

HP Smart Web Printing 4.5 (Version: 4.5 - HP)

HP Solution Center 13.0 (Version: 13.0 - HP)

HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden

Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Impossible Creatures (x32 Version:  - )

Impulse (x32 Version:  - Stardock)

Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden

Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 22 (x32 Version: 6.0.220 - Oracle)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Mass Effect (x32 Version: 1.00 - Electronic Arts, Inc.)

Mass Effect 2 (x32 Version: 1.02 - Electronic Arts, Inc.)

Mass Effect™ 3 (x32 Version: 1.05.0.0 - Electronic Arts)

Memoria (x32 Version: 1.00 - Deep Silver)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Age of Empires II (x32 Version:  - )

Microsoft Age of Empires II: The Conquerors Expansion (x32 Version:  - )

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (x32 Version: 3.0.89.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Might & Magic Heroes VI (x32 Version: 1.5.2 - Ubisoft)

Mobile Partner (x32 Version: 16.001.06.03.52 - Huawei Technologies Co.,Ltd)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)

Nero 9 Essentials (x32 Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden

Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden

Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden

Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden

Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden

Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden

Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden

Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden

Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden

NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

NVIDIA Drivers (Version: 1.7 - NVIDIA Corporation)

NVIDIA ForceWare Network Access Manager (Version: 1.00.7305 - NVIDIA Corporation) Hidden

NVIDIA ForceWare Network Access Manager (x32 Version:  - )

NVIDIA PhysX (x32 Version: 9.11.1107 - NVIDIA Corporation)

OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)

Origin (x32 Version: 8.6.0.357 - Electronic Arts, Inc.)

Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

PDF24 Creator 5.4.0 (x32 Version:  - PDF24.org)

PDFCreator (x32 Version: 1.2.3 - Frank Heindörfer, Philip Chinery)

Picasa 3 (x32 Version: 3.9 - Google, Inc.)

PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden

QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)

RAD Video Tools (x32 Version:  - )

Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898 - Realtek Semiconductor Corp.)

Rhinoceros 5 (64-bit) (Version: 5.1.30129.1756 - Robert McNeel & Associates)

Rhinoceros 5 (x32 Version: 5.7.31213.18395 - Robert McNeel & Associates)

Rhinoceros 5.0 Help Media (x32 Version: 5.1.20828.1435 - Robert McNeel & Associates)

Rhinoceros 5.0 Language Pack Installer (de-DE) (x32 Version: 5.1.20905.0935 - Robert McNeel & Associates)

RIFT (HKCU Version:  - Trion Worlds, Inc.)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

ScummVM 1.6.0 (x32 Version:  - The ScummVM Team)

Shop for HP Supplies (Version: 13.0 - HP)

SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)

Sony PC Companion 2.10.188 (x32 Version: 2.10.188 - Sony)

SPORE™ (x32 Version: 1.00.0000 - Electronic Arts)

Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Steam (x32 Version: 1.0.0.0 - Valve Corporation)

Team Fortress 2 (x32 Version:  - Valve)

The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)

The Movies(TM) (x32 Version: 1.0 - Activision)

The Movies(TM) (x32 Version: 1.0 - Activision) Hidden

The Next BIG Thing (Deutsch) (x32 Version: 1.00 - CRIMSON COW)

The Witcher 2 (x32 Version: 1.00.0000 - CD Projekt Red)

The Witcher Enhanced Edition (x32 Version: 1.00.0000 - CD Projekt Red)

Tomb Raider (x32 Version:  - Crystal Dynamics)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden

Trine (x32 Version:  - Frozenbyte)

Trine 2 (x32 Version:  - Frozenbyte)

Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)

Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)

Update for Foxtab (HKCU Version:  - Update for Foxtab) <==== ATTENTION

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)

Viva Piñata (x32 Version: 1.00.0000 - Microsoft Game Studios)

Viva Pinata (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)

Warhammer 40,000: Dawn Of War - Gold Edition (x32 Version: 1.51 - THQ)

Warlords Battlecry III (x32 Version: W4PCA0.8 - )

Warsow 1.0 (x32 Version: 1.0 - Chasseur de bots)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0 - win.rar GmbH)

Wuala (HKCU Version: 1.0.444.0 - LaCie)

Wuala CBFS (x32 Version: 3.2.107.0 - LaCie)

Yahoo! Toolbar (x32 Version:  - )
 

==================== Restore Points  =========================
 

12-01-2014 21:41:51 Windows Update

15-01-2014 09:23:48 Sony PC Companion

15-01-2014 20:49:37 Windows Update

25-01-2014 10:36:47 Geplanter Prüfpunkt

01-02-2014 10:45:40 Sony PC Companion
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2014-02-08 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {05B9978B-2118-4430-ABE4-5E82966677A0} - \Funmoods No Task File

Task: {081DA528-25E0-4594-B1E9-3B6D70F47E1F} - System32\Tasks\{43CC6C0D-B818-4F01-BF8C-04E3CB6FD380} => D:\Age of Empires 2\EMPIRES2.EXE [2000-07-29] (Microsoft Corporation)

Task: {0FECA8B4-1491-49C2-80FC-3C0CDF3C1E8E} - System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9} => D:\Cultures\Cultures.exe

Task: {19728C3B-C7BA-4ED0-B828-788655891A6B} - System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E} => D:\Cultures\Cultures.exe

Task: {2B2AB601-8928-4513-AF70-C134AE1AEEB0} - System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66} => E:\DX7Ager.exe [1999-12-20] (Microsoft Corporation)

Task: {2C1719DA-0E74-4AE7-9F38-8A9E01BA9201} - System32\Tasks\{357EF36A-2051-4253-8254-B7215E398144} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)

Task: {496AF377-8822-410F-A393-D5E76C893601} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)

Task: {4D9DAC98-132E-4114-B1D0-E0592AA367E0} - System32\Tasks\{7F4824AF-855D-4B8C-945B-D2EB79EB644A} => C:\Program Files (x86)\The Witcher 2\launcher.exe

Task: {5F989159-CF0C-424A-B9D0-D60F1B628228} - System32\Tasks\{97013C60-E492-4F8C-9BF4-BF1AC26E29D4} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)

Task: {707E523E-17D0-4603-AE50-9CE5FD5E2E00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.)

Task: {934571BC-0C81-49DE-B304-AF2489750FE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)

Task: {AB6A7DC3-461B-4FFC-A8E3-E4A4D37F50F9} - System32\Tasks\{79FEA238-AAF9-4713-9B04-58DD0ED6F4C9} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)

Task: {BE0165E8-BB3B-4DD4-863E-B758B5591805} - System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC} => E:\DX7Ager.exe [1999-12-20] (Microsoft Corporation)

Task: {C490A810-55F1-4F29-8384-92D1124B8B35} - System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59} => D:\Cultures\Cultures.exe

Task: {CE75826A-9026-431A-8433-3C90E229EDE9} - System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4} => D:\Cultures\Cultures.exe

Task: {D7D7F078-B076-4721-9754-D7B90948248D} - System32\Tasks\AdobeAAMUpdater-1.0-MSchleusing-PC-M.Schleusing => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

Task: {EF7839C0-BC03-409F-9806-AC3B08E05344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.)

Task: {F069E0B5-2C18-43DA-AF0A-64C68C0518F5} - System32\Tasks\{27ADA48D-B0F0-41EC-947B-6EB0EDCA2C69} => C:\Program Files (x86)\The Witcher 2\launcher.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2009-08-14 09:55 - 2009-08-14 09:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2006-10-10 12:21 - 2006-10-10 12:21 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-08-11 22:21 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

2013-08-06 08:36 - 2013-08-05 13:26 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2013-03-22 19:16 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll

2013-03-22 19:16 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll

2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll

2013-04-19 08:22 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll

2013-11-20 15:56 - 2013-11-20 15:56 - 00668672 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll

2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0

AlternateDataStreams: C:\ProgramData\TEMP:444C53BA

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54

AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838

AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA

AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE

AlternateDataStreams: C:\ProgramData\TEMP:B606BA34

AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-02-08 14:18:50.707

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-02-08 14:18:50.488

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 32%

Total physical RAM: 4094.55 MB

Available physical RAM: 2783.87 MB

Total Pagefile: 8187.24 MB

Available Pagefile: 6509.98 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:191.85 GB) NTFS

Drive d: (DATA) (Fixed) (Total:458.87 GB) (Free:70.51 GB) NTFS

Drive e: (Cultures) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS

Drive k: () (Removable) (Total:7.53 GB) (Free:7.52 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 8406D83F)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=8 GB) - (Type=0B)
 

==================== End Of Log ============================