Bastian 76 | 05.04.2014 14:10 | As requested, the two log files:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by BlackUser (administrator) on BLACKUSER-PC on 05-04-2014 15:01:18
Running from C:\Users\BlackUser\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
() C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3561012100-737277942-265128044-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-12] (Google Inc.)
HKU\S-1-5-21-3561012100-737277942-265128044-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3561012100-737277942-265128044-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3561012100-737277942-265128044-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicyUsers\S-1-5-21-3561012100-737277942-265128044-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {73821FBE-B390-4437-9A1E-0380C185BE43} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE419
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\BlackUser\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\BlackUser\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\qrobeit-https.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\qrobeit.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\suche.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\donottrackplus@abine.com [2014-04-05]
FF Extension: YouTube Unblocker - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\youtubeunblocker@unblocker.yt [2014-03-25]
FF Extension: WOT - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: DownloadHelper - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-29]
FF Extension: FoxLingo - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012-11-12]
FF Extension: GoogBar - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\29satnam@gmail.com.xpi [2013-12-13]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-05]
FF Extension: Video Downloader professional - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\ffext_basicvideoext@startpage24.xpi [2013-04-22]
FF Extension: Firebug - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\firebug@software.joehewitt.com.xpi [2011-12-28]
FF Extension: gui:config - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\guiconfig@slosd.net.xpi [2011-06-21]
FF Extension: SaveFrom.net helper - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\helper@savefrom.net.xpi [2013-04-09]
FF Extension: Thumbnail Zoom Plus - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-07-05]
FF Extension: WEB.DE MailCheck - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\toolbar@web.de.xpi [2012-08-18]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\vdpure@link64.xpi [2014-04-05]
FF Extension: QuickTime Helper Light - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{2302e65c-3886-4cc4-bf4a-c3d54d660848}.xpi [2013-11-15]
FF Extension: Show MyIP - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi [2012-06-16]
FF Extension: NoScript - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-18]
FF Extension: ReloadEvery - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2011-05-23]
FF Extension: {98afeb61-c805-4b05-b056-c069b21febd5} - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{98afeb61-c805-4b05-b056-c069b21febd5}.xpi [2013-11-12]
FF Extension: Adblock Plus - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-26]
FF Extension: BetterPrivacy - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-01-31]
FF Extension: Tab Mix Plus - C:\Users\BlackUser\AppData\Roaming\Mozilla\Firefox\Profiles\hd0l7f88.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-06-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-02]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-12]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\BlackUser\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\BlackUser\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\BlackUser\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-03]
CHR Extension: (Adblock Plus) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-06-03]
CHR Extension: (Google-Suche) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-03]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-04-29]
CHR Extension: (dict-cc) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2013-02-07]
CHR Extension: (Google Wallet) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Google Mail) - C:\Users\BlackUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-04-29]
CHR StartMenuInternet: Google Chrome - C:\Users\BlackUser\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-07-23] ()
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-03] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-07-23] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
R2 TwonkyProxy; C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe [881480 2013-03-27] ()
R2 TwonkyServer; C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-03-27] (PacketVideo)
==================== Drivers (Whitelisted) ====================
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121080 2012-03-27] (SlySoft, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [14336 2010-04-22] (Samsung Electronics, Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188160 2011-10-04] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [33536 2011-10-04] (REALTEK SEMICONDUCTOR Corp.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181344 2012-09-20] (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [19456 2010-02-08] (WiFi Media Connect)
R3 catchme; \??\C:\Users\BLACKU~1\AppData\Local\Temp\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [X]
U3 mbr; \??\C:\Users\BLACKU~1\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-05 15:01 - 2014-04-05 15:01 - 00021545 _____ () C:\Users\BlackUser\Desktop\FRST.txt
2014-04-05 14:25 - 2014-04-05 14:25 - 00018156 _____ () C:\ComboFix.txt
2014-04-05 14:20 - 2014-04-05 14:20 - 00000944 _____ () C:\Windows\PFRO.log
2014-04-05 14:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-05 14:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-05 14:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-05 14:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-05 14:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-05 14:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-05 14:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-05 14:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-05 14:11 - 2014-04-05 14:26 - 00000000 ____D () C:\Qoobox
2014-04-05 14:11 - 2014-04-05 14:24 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 14:08 - 2014-04-05 14:09 - 05193579 ____R (Swearware) C:\Users\BlackUser\Desktop\ComboFix.exe
2014-04-05 13:18 - 2014-04-05 13:18 - 00409600 _____ (Farbar) C:\Users\BlackUser\Desktop\FSS.exe
2014-04-05 13:16 - 2014-04-05 15:01 - 00000000 ____D () C:\FRST
2014-04-05 13:16 - 2014-04-05 13:16 - 01145856 _____ (Farbar) C:\Users\BlackUser\Desktop\FRST.exe
2014-04-05 13:09 - 2014-04-05 13:09 - 00009277 _____ () C:\Users\BlackUser\Desktop\hijackthis.log
2014-04-05 12:48 - 2014-04-05 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-05 12:48 - 2014-04-05 12:48 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 12:46 - 2014-04-05 12:46 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 12:42 - 2014-04-05 12:43 - 12589848 _____ (Malwarebytes Corp.) C:\Users\BlackUser\Desktop\mbar-1.07.0.1009.exe
2014-04-05 12:04 - 2014-04-05 14:20 - 00000392 _____ () C:\Windows\setupact.log
2014-04-05 12:04 - 2014-04-05 12:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 11:45 - 2014-04-05 11:45 - 02494677 _____ () C:\Users\BlackUser\Downloads\Mama (Kauf-DVD).zip
2014-04-03 19:11 - 2014-04-03 19:11 - 03274467 _____ () C:\Users\BlackUser\Downloads\Conjuring (Die Heimsuchung) (1).zip
2014-04-03 19:07 - 2014-04-03 19:07 - 06992510 _____ () C:\Users\BlackUser\Downloads\Conjuring - Die Heimsuchung (1).zip
2014-04-03 12:45 - 2014-04-03 12:50 - 00000000 ____D () C:\ProgramData\IObit
2014-04-03 12:45 - 2014-04-03 12:45 - 00001210 _____ () C:\Users\BlackUser\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\Users\BlackUser\AppData\Roaming\ProductData
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\Program Files\IObit
2014-04-03 12:44 - 2014-04-03 12:44 - 12569408 _____ (IObit) C:\Users\BlackUser\Downloads\iobituninstaller.exe
2014-04-02 17:28 - 2014-04-02 17:28 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-02 17:28 - 2014-04-02 17:28 - 00000000 ____D () C:\Program Files\Xilisoft
2014-04-02 17:09 - 2014-04-02 17:10 - 38156184 _____ () C:\Users\BlackUser\Downloads\x-video-converter-ultimate7-de-chip_v7.7.3.exe
2014-04-02 17:00 - 2014-04-02 17:00 - 03224200 _____ (WiseCleaner.com ) C:\Users\BlackUser\Downloads\WRCFree (9).exe
2014-04-02 16:40 - 2014-04-02 16:40 - 37546464 _____ () C:\Users\BlackUser\Downloads\x-video-converter-ultimate7-de (1).exe
2014-04-02 15:22 - 2014-04-02 15:22 - 02479187 _____ () C:\Users\BlackUser\Downloads\altbinz03915_Bastian (1).zip
2014-04-02 12:40 - 2014-04-02 12:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 12:35 - 2014-04-02 12:35 - 01609145 _____ () C:\Users\BlackUser\Downloads\wrar420d.exe
2014-03-29 17:15 - 2014-03-29 17:15 - 04787368 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup412.exe
2014-03-25 15:06 - 2014-03-25 15:06 - 37293658 _____ () C:\Users\BlackUser\Downloads\Glasperlenspiel - Grenzenlos.zip
2014-03-14 15:31 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 15:31 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 15:31 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 15:31 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 15:31 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 15:31 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 15:31 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 15:31 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 15:31 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 15:30 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 15:30 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 15:30 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 15:30 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 15:30 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 15:30 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 15:30 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 15:30 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 15:30 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 15:30 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 15:30 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 15:30 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 15:30 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 15:30 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 15:30 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 15:30 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 15:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 15:30 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 15:28 - 2014-03-14 15:29 - 98566144 _____ () C:\Users\BlackUser\Downloads\msert (10).exe
2014-03-14 15:28 - 2014-03-14 15:28 - 25578720 _____ (Microsoft Corporation) C:\Users\BlackUser\Downloads\Windows-KB890830-V5.10.exe
2014-03-14 15:15 - 2014-03-14 15:16 - 00000000 _____ () C:\Users\BlackUser\Downloads\Conjuring (Die Heimsuchung).zip
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 _____ () C:\Users\BlackUser\Downloads\Conjuring - Die Heimsuchung.zip
2014-03-11 15:57 - 2014-03-11 15:58 - 04765152 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup411.exe
2014-03-11 15:57 - 2014-03-11 15:58 - 04765152 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup411 (1).exe
2014-03-11 14:21 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
==================== One Month Modified Files and Folders =======
2014-04-05 15:01 - 2014-04-05 15:01 - 00021545 _____ () C:\Users\BlackUser\Desktop\FRST.txt
2014-04-05 15:01 - 2014-04-05 13:16 - 00000000 ____D () C:\FRST
2014-04-05 14:47 - 2013-07-17 23:18 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce83331da21f90.job
2014-04-05 14:46 - 2013-10-15 19:23 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001UA1cec9cb49d9d600.job
2014-04-05 14:28 - 2009-07-14 06:34 - 00014640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 14:28 - 2009-07-14 06:34 - 00014640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 14:26 - 2014-04-05 14:11 - 00000000 ____D () C:\Qoobox
2014-04-05 14:26 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-04-05 14:26 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-05 14:25 - 2014-04-05 14:25 - 00018156 _____ () C:\ComboFix.txt
2014-04-05 14:25 - 2011-02-18 20:56 - 01629370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 14:24 - 2014-04-05 14:11 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 14:24 - 2012-07-10 21:15 - 01547809 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 14:21 - 2013-07-17 23:17 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce83331cd77c90.job
2014-04-05 14:21 - 2013-02-21 11:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1012e153d350.job
2014-04-05 14:21 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-05 14:20 - 2014-04-05 14:20 - 00000944 _____ () C:\Windows\PFRO.log
2014-04-05 14:20 - 2014-04-05 12:04 - 00000392 _____ () C:\Windows\setupact.log
2014-04-05 14:20 - 2013-04-07 14:04 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-04-05 14:20 - 2011-02-18 21:46 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-04-05 14:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 14:09 - 2014-04-05 14:08 - 05193579 ____R (Swearware) C:\Users\BlackUser\Desktop\ComboFix.exe
2014-04-05 13:18 - 2014-04-05 13:18 - 00409600 _____ (Farbar) C:\Users\BlackUser\Desktop\FSS.exe
2014-04-05 13:16 - 2014-04-05 13:16 - 01145856 _____ (Farbar) C:\Users\BlackUser\Desktop\FRST.exe
2014-04-05 13:09 - 2014-04-05 13:09 - 00009277 _____ () C:\Users\BlackUser\Desktop\hijackthis.log
2014-04-05 12:57 - 2014-04-05 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-05 12:48 - 2014-04-05 12:48 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 12:46 - 2014-04-05 12:46 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 12:43 - 2014-04-05 12:42 - 12589848 _____ (Malwarebytes Corp.) C:\Users\BlackUser\Desktop\mbar-1.07.0.1009.exe
2014-04-05 12:04 - 2014-04-05 12:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 11:57 - 2013-01-15 16:17 - 00000000 ____D () C:\Users\BlackUser\AppData\Roaming\vlc
2014-04-05 11:45 - 2014-04-05 11:45 - 02494677 _____ () C:\Users\BlackUser\Downloads\Mama (Kauf-DVD).zip
2014-04-03 19:11 - 2014-04-03 19:11 - 03274467 _____ () C:\Users\BlackUser\Downloads\Conjuring (Die Heimsuchung) (1).zip
2014-04-03 19:07 - 2014-04-03 19:07 - 06992510 _____ () C:\Users\BlackUser\Downloads\Conjuring - Die Heimsuchung (1).zip
2014-04-03 17:46 - 2013-07-17 23:18 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001Core1ce833321667a90.job
2014-04-03 12:50 - 2014-04-03 12:45 - 00000000 ____D () C:\ProgramData\IObit
2014-04-03 12:45 - 2014-04-03 12:45 - 00001210 _____ () C:\Users\BlackUser\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\Users\BlackUser\AppData\Roaming\ProductData
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 ____D () C:\Program Files\IObit
2014-04-03 12:44 - 2014-04-03 12:44 - 12569408 _____ (IObit) C:\Users\BlackUser\Downloads\iobituninstaller.exe
2014-04-03 10:58 - 2012-04-30 18:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-02 18:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 17:28 - 2014-04-02 17:28 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-02 17:28 - 2014-04-02 17:28 - 00000000 ____D () C:\Program Files\Xilisoft
2014-04-02 17:10 - 2014-04-02 17:09 - 38156184 _____ () C:\Users\BlackUser\Downloads\x-video-converter-ultimate7-de-chip_v7.7.3.exe
2014-04-02 17:06 - 2009-07-14 04:03 - 53215232 _____ () C:\Windows\system32\config\software.bak
2014-04-02 17:06 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-04-02 17:06 - 2009-07-14 04:03 - 00098304 _____ () C:\Windows\system32\config\sam.bak
2014-04-02 17:06 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-04-02 17:00 - 2014-04-02 17:00 - 03224200 _____ (WiseCleaner.com ) C:\Users\BlackUser\Downloads\WRCFree (9).exe
2014-04-02 16:40 - 2014-04-02 16:40 - 37546464 _____ () C:\Users\BlackUser\Downloads\x-video-converter-ultimate7-de (1).exe
2014-04-02 15:22 - 2014-04-02 15:22 - 02479187 _____ () C:\Users\BlackUser\Downloads\altbinz03915_Bastian (1).zip
2014-04-02 12:41 - 2014-04-02 12:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 12:35 - 2014-04-02 12:35 - 01609145 _____ () C:\Users\BlackUser\Downloads\wrar420d.exe
2014-03-29 17:15 - 2014-03-29 17:15 - 04787368 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup412.exe
2014-03-29 17:15 - 2011-02-19 00:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 17:13 - 2012-04-11 18:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-29 17:13 - 2011-05-15 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-25 15:06 - 2014-03-25 15:06 - 37293658 _____ () C:\Users\BlackUser\Downloads\Glasperlenspiel - Grenzenlos.zip
2014-03-14 15:38 - 2009-07-14 06:33 - 03714712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 15:37 - 2012-07-10 20:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 15:29 - 2014-03-14 15:28 - 98566144 _____ () C:\Users\BlackUser\Downloads\msert (10).exe
2014-03-14 15:28 - 2014-03-14 15:28 - 25578720 _____ (Microsoft Corporation) C:\Users\BlackUser\Downloads\Windows-KB890830-V5.10.exe
2014-03-14 15:16 - 2014-03-14 15:15 - 00000000 _____ () C:\Users\BlackUser\Downloads\Conjuring (Die Heimsuchung).zip
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 _____ () C:\Users\BlackUser\Downloads\Conjuring - Die Heimsuchung.zip
2014-03-11 15:58 - 2014-03-11 15:57 - 04765152 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup411.exe
2014-03-11 15:58 - 2014-03-11 15:57 - 04765152 _____ (Piriform Ltd) C:\Users\BlackUser\Downloads\ccsetup411 (1).exe
2014-03-11 14:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-02 14:54
==================== End Of Log ============================
and here is the second one: FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by BlackUser at 2014-04-05 15:02:23
Running from C:\Users\BlackUser\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Air Playit 2.0.0 (HKLM\...\Air Playit_is1) (Version: - Digiarty)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM\...\AnyDVD) (Version: 7.0.4.0 - SlySoft)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MP520 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series) (Version: - )
Canon MP520 series Benutzerregistrierung (HKLM\...\Canon MP520 series Benutzerregistrierung) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0706.2128.36662 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0706.2128.36662 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0706.2128.36662 - ATI Technologies, Inc.) Hidden
CCC Help English (Version: 2010.0706.2127.36662 - ATI) Hidden
ccc-core-static (Version: 2010.0706.2128.36662 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0706.2128.36662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3184 - CDBurnerXP)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version: - Dark Byte)
CircleSurround II Plugin for Windows Media Player (HKLM\...\{135BFFD7-D9C1-4374-B18C-BEB64FC7851C}) (Version: 1.04.0200 - SRS Labs, Inc.)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DFX (HKLM\...\DFX) (Version: 10.134.0.0 - Power Technology)
D-Link DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Smart Security (HKLM\...\{025FFD63-BE62-4C83-B8DD-D8CCCB55355B}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Free YouTube to MP3 Converter version 3.12.2.426 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.426 - DVDVideoSoft Ltd.)
G-Force (HKLM\...\G-Force) (Version: 3.7.5 - SoundSpectrum)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Lidl-Fotos (HKLM\...\Lidl-Fotos_is1) (Version: - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MagicTune Premium (HKLM\...\{69F962F7-3761-4704-9E4B-24FF10F77111}) (Version: 4.0.12 - Samsung Electronics Co. Ltd.)
Malwarebytes Anti-Malware Version 1.62.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
Media Go (HKLM\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.108.02030 (HKLM\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.108.02030 - Sony)
MediaManager (HKLM\...\MediaManager) (Version: 3.0.3 (60) - PacketVideo)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.57 (HKLM\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NOXON DAB MediaPlayer (HKLM\...\{68568BFD-A28C-41AD-B953-C35A19B8E113}) (Version: 1.0.7 - NOXON Media)
NOXON DAB Player (HKLM\...\{267A1D4B-FDB6-4914-AD41-FC8F3AB118B9}) (Version: 1.1.0 - NOXON Media)
NOXON DAB Stick V86.001.0930.2011 (HKLM\...\NOXON DAB Stick) (Version: 86.001.0930.2011 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7313 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7313 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
PlayStation(R)Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.12.15.18 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.115 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbar Cleaner 1.0 (HKLM\...\Toolbar Cleaner) (Version: - Visicom Media Inc.)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.2000.15 - TuneUp Software) Hidden
Twonky Server (HKLM\...\TwonkyServer) (Version: 7.2.0.0 - PacketVideo)
Twonky Windows Components (HKLM\...\{7CC673E7-5271-409D-B196-BB76DA60300B}) (Version: 3.0.3 - PacketVideo)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wi-Fi MediaConnect (HKLM\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wise Registry Cleaner 8.03 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
==================== Restore Points =========================
11-03-2014 12:21:13 Windows Update
14-03-2014 13:31:04 Windows Update
18-03-2014 14:37:50 Windows Update
25-03-2014 14:12:00 Windows Update
29-03-2014 15:14:48 Windows Update
02-04-2014 10:02:38 Windows Update
02-04-2014 15:26:08 Revo Uninstaller's restore point - Xilisoft Video Converter Ultimate
05-04-2014 11:21:29 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2014-04-05 14:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0803DFD4-F77D-4362-B016-DB76E2847E8C} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {093BF0FE-4FC9-4375-9695-326249B16877} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {0FCBD048-3B73-486B-B321-EDE862D52FF5} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-04-03] (IObit)
Task: {13F6AF0E-E593-469D-BEE9-CF0E075364B0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {2ADA88C9-AE8A-498A-80A6-596B9E78A36C} - System32\Tasks\{D3601E9A-E3A4-459E-8CDF-779F00E0FD77} => Chrome.exe
Task: {2DC226D4-EA26-479F-8F5B-22D7A52FB421} - System32\Tasks\{F7B61AD2-A4FD-49FC-922C-62C7C0C2645C} => Chrome.exe
Task: {33E8A0C9-B4E1-458D-871D-2DE10DB428A4} - System32\Tasks\Google Updater and Installer => C:\Users\BlackUser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {5E9D0497-9081-4E63-90F7-A4B5CAFF790B} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-03-17] (WiseCleaner.com)
Task: {697BB8CF-7374-40A4-B3C3-D277F19C8812} - System32\Tasks\{C0940DF1-7D04-4A38-87C7-462639DF94A2} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6FD9C6EB-3057-4274-8B93-F58115B930BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001UA1cec9cb49d9d600 => C:\Users\BlackUser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {81CA492B-1563-41C7-BB8E-49784B6E2163} - System32\Tasks\GoogleUpdateTaskMachineCore1ce83331cd77c90 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18] (Google Inc.)
Task: {8F08C648-0988-4A99-AA4A-BA0E4A135DB4} - System32\Tasks\GoogleUpdateTaskMachineUA1ce83331da21f90 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18] (Google Inc.)
Task: {C2C4850C-0902-41BF-8E6A-485DDFA7B63D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C761DAEE-B7E8-4B05-95AF-53D41302C48E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001Core1ce833321667a90 => C:\Users\BlackUser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {D176685A-2F56-4A41-AD94-6E7D1563BC2F} - System32\Tasks\GoogleUpdateTaskMachineCore1ce1012e153d350 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18] (Google Inc.)
Task: {EB8C10E6-4EAE-4ED7-8DA2-6060EFDBD05E} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1012e153d350.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce83331cd77c90.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce83331da21f90.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001Core1ce833321667a90.job => C:\Users\BlackUser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3561012100-737277942-265128044-1001UA1cec9cb49d9d600.job => C:\Users\BlackUser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
==================== Loaded Modules (whitelisted) =============
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-05 13:39 - 2010-06-03 13:36 - 00053248 _____ () C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
2009-07-23 18:23 - 2009-07-23 18:23 - 00387616 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-07-23 18:23 - 2009-07-23 18:23 - 00068128 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-07-23 18:23 - 2009-07-23 18:23 - 00436768 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-03-27 18:27 - 2013-03-27 18:27 - 00881480 _____ () C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
2009-07-23 18:23 - 2009-07-23 18:23 - 00178720 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2011-02-18 22:08 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-02-18 22:57 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-04-02 12:40 - 2014-04-02 12:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-02-29 18:56 - 2012-02-29 18:56 - 00049064 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk => C:\Windows\pss\DFX.lnk.CommonStartup
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/05/2014 00:32:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xf60
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (04/05/2014 00:16:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: UninstallExplorer32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52c4d398
Ausnahmecode: 0xc0000005
Fehleroffset: 0x07cae020
ID des fehlerhaften Prozesses: 0xca0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (04/03/2014 00:14:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/02/2014 05:26:08 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {a2f37e30-be5d-4898-a533-80763f15f475}
Error: (02/22/2014 08:46:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 10.0.4600.4, Zeitstempel: 0x4ee70ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052ca9
ID des fehlerhaften Prozesses: 0x12f4
Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0
Pfad der fehlerhaften Anwendung: OneClick.exe1
Pfad des fehlerhaften Moduls: OneClick.exe2
Berichtskennung: OneClick.exe3
Error: (02/22/2014 08:33:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/22/2014 08:33:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/07/2014 00:46:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/05/2014 04:10:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x1244
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (02/05/2014 04:05:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avc.exe, Version: 1.0.7.1219, Zeitstempel: 0x50e79abb
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003ae7a
ID des fehlerhaften Prozesses: 0x9fc
Startzeit der fehlerhaften Anwendung: 0xavc.exe0
Pfad der fehlerhaften Anwendung: avc.exe1
Pfad des fehlerhaften Moduls: avc.exe2
Berichtskennung: avc.exe3
System errors:
=============
Error: (04/05/2014 02:20:41 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHelp20
Error: (04/05/2014 02:20:32 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (04/05/2014 02:20:08 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 05.04.2014 um 14:19:04 unerwartet heruntergefahren.
Error: (04/05/2014 02:16:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 02:13:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/05/2014 02:11:51 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/05/2014 00:05:10 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHelp20
Error: (04/05/2014 00:05:05 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (04/05/2014 10:18:16 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PxHelp20
Error: (04/05/2014 10:18:12 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Microsoft Office Sessions:
=========================
Error: (04/05/2014 00:32:47 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7unknown0.0.0.000000000c000000500000000f6001cf50b834c238b0C:\Windows\Explorer.EXEunknowna0aa72c0-bcad-11e3-a363-002354392a98
Error: (04/05/2014 00:16:33 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7UninstallExplorer32.dll_unloaded0.0.0.052c4d398c000000507cae020ca001cf50b6880cc550C:\Windows\Explorer.EXEUninstallExplorer32.dll5c0565f0-bcab-11e3-a363-002354392a98
Error: (04/03/2014 00:14:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
Error: (04/02/2014 05:26:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {a2f37e30-be5d-4898-a533-80763f15f475}
Error: (02/22/2014 08:46:22 PM) (Source: Application Error)(User: )
Description: OneClick.exe10.0.4600.44ee70ee4ntdll.dll6.1.7601.18247521ea91cc000000500052ca912f401cf2ff28eeb7360C:\Program Files\TuneUp Utilities 2011\OneClick.exeC:\Windows\SYSTEM32\ntdll.dll9f7a68b0-9bf1-11e3-8c38-002354392a98
Error: (02/22/2014 08:33:25 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\BlackUser\Downloads\msert (5).exe
Error: (02/22/2014 08:33:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\BlackUser\Downloads\msert (4).exe
Error: (02/07/2014 00:46:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe
Error: (02/05/2014 04:10:29 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8124401cf2256daaecb70C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll440047f0-8e6f-11e3-bb3f-002354392a98
Error: (02/05/2014 04:05:54 PM) (Source: Application Error)(User: )
Description: avc.exe1.0.7.121950e79abbMSVCR90.dll9.0.30729.61614dace5b9c00000050003ae7a9fc01cf227b617568c0C:\Program Files\Xilisoft\Video Converter Ultimate\avc.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dlla04dd910-8e6e-11e3-bb3f-002354392a98
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3582.43 MB
Available physical RAM: 2097.27 MB
Total Pagefile: 7164.86 MB
Available Pagefile: 5731.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:116.06 GB) NTFS
Drive d: () (Fixed) (Total:156.25 GB) (Free:1.27 GB) NTFS
Drive e: () (Fixed) (Total:114.2 GB) (Free:8.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 10CA10C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=114 GB) - (Type=07 NTFS)
==================== End Of Log ============================