Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC fast ganz gesperrt - schwarzer Desktop - Programme, Links + Co weg (https://www.trojaner-board.de/137454-pc-fast-ganz-gesperrt-schwarzer-desktop-programme-links-co-weg.html)

Panthera7 30.06.2013 14:17
PC fast ganz gesperrt - schwarzer Desktop - Programme, Links + Co weg
 
Ein herzliches Hallo an die Profis... :)

Kommen wir doch gleich auch den Punkt...
Obwohl ich mich durchaus ganz gut mit Computern, Windows, usw. auskenne (euch kann aber mit Sicherheit nicht das Wasser reichen) habe ich gerade ein derartiges Problem mit meinem PC das ich mir z.Zt. leider doch nicht mehr selbst helfen kann. :(

Dieses Problem sieht folgendermaßen aus...
Ich habe vor einiger Zeit einen größeren Stapel Mediadateien aus dem Netz heruntergeladen und war gerade dabei diese Dateien nun auf eine andere HDD zu verschieben/kopieren. (in bulk)
Dabei hat sich möglicherweise eine infizierte Datei oder evtl. sogar eine Schadprogramm (exe) in dem Stapel versteckt und wurde dabei "aktiviert". Mein Antivir Premium gab eine entsprechende Warnung ('TR/Crypt.ZPACK.Gen8' [trojan]) und verschob die Datei in die Quarantäne. Kurz darauf hat mein System angefangen "herumzuspinnen". Leider kann ich nicht mehr genau sagen was es gemacht hat, aber es waren ein paar Kleinigkeiten die ich mit einem Neustart "reparieren" wollte. Dies hat jedoch nicht so funktioniert wie ich es erwartet hatte... :( ...und nun bin ich hier (nachdem ich selbst versucht habe zu recherchieren was da passiert ist und hier ein paar ähnliche Beiträge gefunden habe).

Der aktuelle Stand ist nun, daß nahezu alle Programme auf meinem System "weg" (verschwunden) sind (aber noch in der Liste der installierten Programme sind), die dazugehörigen Links (im Startmenü + am Desktop) und ein ganze reihe anderer Links (inkl. Schnellstartleiste, usw.) weg sind, der Desktop-Hintergrund schwarz ist und mein Windows 7 Ultimate auf einmal meint es wäre keine Originalsoftware mehr...
Was immer dieses Problem verursacht hat, kann es sein daß hier (u.a.) massiv in die Registry eingegriffen wurde?
(+ von meinen Webbrowsern funktioniert nur noch der IE (einigermaßen, hat aber mit vielen Webseiten, inkl. eurer, Darstellungsprobleme), FF + Chrome gehen gar nicht)

(Wobei ich hier erwähnen muß, daß mir hier möglicherweise eine nicht ganz 100% legitime Ultimate Version verkauft wurde... vielleicht... Allerdings hat sie vorher noch nie Probleme in dieser Richtung gemacht und hat auch in allen Bereichen einwandfrei funktioniert.
Ich kann daher allerdings nicht mit Sicherheit sagen ob oder wie diese Fehler miteinander zu tun haben... :(
Kann es sein das mein System von MS dermaßen blockiert wird, weil irgendein Server plötzlich sagt, daß meine Lizenz nicht ok ist? Das wäre doch ziemlich drastisch... Andererseits kann ich mir auch wieder nicht vorstellen das es sich hier um 2 unterschiedliche Probleme handelt die zufälligerweise gleichzeitig aufgetreten sind... das wäre doch sehr unwahrscheinlich.
Also sollte es hier doch wohl irgendeine Verbindung geben, oder wird diese Situation von nur einem dieser Probleme verursacht? ...Falls ja, von welchem?)


Wie auch immer der "rechtliche" Status meines OS nun aussieht... Ich habe mir sicherheitshalber bereits eine neue DVD (mit Sicherheit legal!) bestellt und möchte nun noch so viel wie irgenwie möglich von meinem System wiederherstellen und vor der Neuinstallation sichern. (Meine restlichen Dateien sind soweit ich gesehen habe glaub ich noch da, aber ich will vorher noch versch. Einstellungen und in den Programmen gespeicherte (Benutzer-)Daten, usw. retten.)

Die gewünschten Standard-Logs sind klarerweise angehängt... Ich hoffe jemand von euch Profis hat eine Idee wie ich dieses Problem so gut wie möglich lösen kann. Wenn ihr noch weitere Fragen habt werde ich sie natürlich so gut ich kann beantworten.
Ich danke euch schon vorab herzlich für eure Bemühungen... :)

Notiz: Außer einem erfolglosen Versuch mit "unhide.exe" habe ich bisher noch keine eigenen (aktiven) Schritte zur Lösung unternommen.

schrauber 30.06.2013 14:32
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Panthera7 30.06.2013 14:51
Hallo :)

Herzlichen Dank für die schnelle Reaktion... :)

Hier sind die gewünschten Logs:

FRST Logfile:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Janus (administrator) on 30-06-2013 15:43:34
Running from D:\Janus\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKCU\...\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [09A805B4B4084C6D2883140717841177DEF7C9D3._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-15] (Google Inc.)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [1045072 2013-05-29] (BitTorrent Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
MountPoints2: H - H:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {10193f48-a0af-11e1-91f9-50e549e7b467} - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {10193f58-a0af-11e1-91f9-50e549e7b467} - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {2745813f-a55f-11e1-8571-50e549e7b467} - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {432915e9-baad-11e1-b727-50e549e7b467} - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {490f12cd-824e-11e2-a40c-001e101f2b52} - L:\Startme.exe
MountPoints2: {4aaad533-8ed7-11e1-8af7-806e6f6e6963} - G:\Run.exe
MountPoints2: {5220ed26-c548-11e1-bd4e-50e549e7b467} - H:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {5220edbf-c548-11e1-bd4e-50e549e7b467} - I:\setup_vmb_lite.exe /checkApplicationPresence
MountPoints2: {73c73bbf-0ebe-11e2-b1e4-50e549e7b467} - I:\setup_vmb_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]
HKU\Admin\...\Run: [PrivatVPN] C:\Program Files (x86)\PrivatVPN\PrivatVPN.exe [x]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [1475584 2010-11-20] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll,C:\Windows\SysWOW64\nvinit.dll [1475584 2010-11-20] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {F724C14F-F0A9-4C6C-AAE0-08C6F2DC5EA5} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {16FFE4DA-54CA-498B-AB19-A708675A4044} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {44E18901-B77A-4FD4-9CF9-4873517C831F} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {F724C14F-F0A9-4C6C-AAE0-08C6F2DC5EA5} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL No File
Tcpip\..\Interfaces\{A6232BBA-B895-48DA-ABD2-E2B7C93F8ABF}: [NameServer]213.94.78.17 213.94.78.16
Tcpip\..\Interfaces\{E9ED39F1-AE6A-4ADB-8B49-DCE1DCB71DAB}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\2k78lphr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.at/ig
CHR DefaultSearchURL: (DuckDuckGo) - https://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: (DuckDuckGo) -      "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjmngbfeoahignmbagincnmpgodpfjm\2013.4.13.52243_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhmlplceigplahbkhifeaeinaeppccef\1.3.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjkppdfofjnpcbnkkangbhanjdnoocd\2.81_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\0.6.0.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\0.9.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke\0.6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjokggmkajmbofnianfkfnnllmgfpge\2013.4.10.27705_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.612.433.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-25] (Avira Operations GmbH & Co. KG)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 FileZilla Server; C:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [0 2013-06-29] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 cphs; %SystemRoot%\SysWow64\IntelCpHeciSvc.exe [x]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-02-22] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                          )
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [78336 2012-05-24] (ZTE)
S3 zte_cdc_ecm; C:\Windows\System32\DRIVERS\zte_cdc_ecm.sys [52224 2012-05-24] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2012-05-24] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\DRIVERS\zte_ecm_enum.sys [53248 2012-05-24] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\zte_ecm_enum_filter.sys [53248 2012-05-24] (ZTE)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 15:42 - 2013-06-30 15:42 - 00000022 ___AC C:\Windows\S.dirmngr
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 09:54 - 2013-06-30 10:14 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-06-30 15:42 - 00004268 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-06-29 13:01 - 2013-06-30 15:42 - 00001176 ___AC C:\Windows\setupact.log
2013-06-29 13:01 - 2013-06-30 15:42 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 18:16 - 2013-06-10 18:26 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-03 22:22 - 2013-06-29 11:41 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer
2013-05-31 08:21 - 2013-06-29 11:41 - 00000000 ___DC C:\Program Files (x86)\TVRename

==================== One Month Modified Files and Folders =======

2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 15:42 - 2013-06-30 15:42 - 00000022 ___AC C:\Windows\S.dirmngr
2013-06-30 15:42 - 2013-06-29 13:01 - 00004268 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-06-30 15:42 - 2013-06-29 13:01 - 00001176 ___AC C:\Windows\setupact.log
2013-06-30 15:42 - 2013-06-29 13:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-30 15:42 - 2013-04-21 11:21 - 00000497 ___AC C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-30 15:42 - 2012-04-26 21:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\uTorrent
2013-06-30 15:32 - 2012-04-25 14:51 - 00078497 ___AC C:\Windows\WindowsUpdate.log
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 14:07 - 2009-07-14 19:58 - 00696620 ___AC C:\Windows\System32\perfh007.dat
2013-06-30 14:07 - 2009-07-14 19:58 - 00147916 ___AC C:\Windows\System32\perfc007.dat
2013-06-30 14:07 - 2009-07-14 07:13 - 01612484 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 11:56 - 2012-07-03 10:43 - 00000000 ___DC C:\Windows\Minidump
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 10:50 - 2012-04-26 13:27 - 00000000 ___DC C:\users\Janus.Magnus
2013-06-30 10:14 - 2013-06-30 09:54 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:35 - 2009-07-14 05:20 - 00000000 __RDC C:\Users\Public\Libraries
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-29 13:01 - 2012-12-26 13:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wacom
2013-06-29 13:01 - 2012-12-26 13:14 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\WTablet
2013-06-29 13:00 - 2012-04-26 21:58 - 00000000 ___DC C:\Program Files (x86)\Trillian
2013-06-29 11:47 - 2012-05-26 14:18 - 00000000 ___DC C:\xampp
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\user32.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\systemcpl.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slwga.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slui.exe
2013-06-29 11:47 - 2009-07-14 01:52 - 00000000 ____A C:\Windows\System32\sppuinotify.dll
2013-06-29 11:46 - 2012-04-25 15:46 - 00000000 ___DC C:\Windows\Panther
2013-06-29 11:46 - 2012-04-25 15:13 - 00000000 ___DC C:\Windows\SysWOW64\RTCOM
2013-06-29 11:46 - 2009-07-14 20:18 - 00000000 ___DC C:\Windows\ShellNew
2013-06-29 11:46 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\Offline Web Pages
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 _RSDC C:\Windows\Media
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\TAPI
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Recovery
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\Registration
2013-06-29 11:45 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wuala
2013-06-29 11:45 - 2012-04-27 00:25 - 00000000 ___DC C:\Windows\GBD
2013-06-29 11:45 - 2012-04-27 00:11 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TrueCrypt
2013-06-29 11:45 - 2012-04-26 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\vlc
2013-06-29 11:45 - 2009-07-14 20:18 - 00000000 __RDC C:\Users\Public\Recorded TV
2013-06-29 11:44 - 2013-04-11 15:54 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\poclbm
2013-06-29 11:44 - 2013-01-06 18:59 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Stereoscopic Player
2013-06-29 11:44 - 2012-12-04 17:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Skype
2013-06-29 11:44 - 2012-11-21 13:41 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\ProgSense
2013-06-29 11:44 - 2012-11-21 13:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Orbit
2013-06-29 11:44 - 2012-08-08 13:47 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MyPhoneExplorer
2013-06-29 11:44 - 2012-04-26 13:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TeraCopy
2013-06-29 11:44 - 2011-08-04 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Thunderbird
2013-06-29 11:43 - 2013-05-03 07:46 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FreeCAD
2013-06-29 11:43 - 2013-03-29 10:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\gnupg
2013-06-29 11:43 - 2013-02-22 10:24 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HpUpdate
2013-06-29 11:43 - 2013-02-13 15:44 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Babylon
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\EAC
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\AccurateRip
2013-06-29 11:43 - 2012-09-23 13:21 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HD Tune Pro
2013-06-29 11:43 - 2012-05-27 15:07 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FileZilla
2013-06-29 11:43 - 2012-05-07 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\dvdcss
2013-06-29 11:43 - 2012-04-28 09:02 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MediaMonkey
2013-06-29 11:43 - 2012-04-28 08:49 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Dropbox
2013-06-29 11:43 - 2012-04-26 23:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\GonVisor
2013-06-29 11:43 - 2012-04-14 00:04 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\calibre
2013-06-29 11:42 - 2013-03-12 17:27 - 00000000 ___DC C:\Users\Janus.Magnus\.android
2013-06-29 11:42 - 2012-10-18 23:22 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\SniperV2
2013-06-29 11:42 - 2012-07-04 13:37 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\{B4669539-5DA2-4696-8A6F-DD19DF7CFB58}
2013-06-29 11:42 - 2012-05-19 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\sabnzbd
2013-06-29 11:42 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Wuala
2013-06-29 11:42 - 2012-04-26 23:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\GHISLER
2013-06-29 11:42 - 2009-07-14 05:20 - 00000000 __RDC C:\users\Default
2013-06-29 11:41 - 2013-06-03 22:22 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-29 11:41 - 2013-05-31 08:21 - 00000000 ___DC C:\Program Files (x86)\TVRename
2013-06-29 11:41 - 2013-05-24 09:57 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 11:41 - 2013-05-21 22:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-06-29 11:41 - 2013-03-11 00:14 - 00000000 ___DC C:\Program Files (x86)\PicGrab
2013-06-29 11:41 - 2013-03-10 23:55 - 00000000 ___DC C:\Program Files (x86)\Mihov Picture Downloader
2013-06-29 11:41 - 2013-02-22 11:34 - 00000000 ___DC C:\ProgramData\HP Product Assistant
2013-06-29 11:41 - 2013-02-22 10:34 - 00000000 ___DC C:\ProgramData\WEBREG
2013-06-29 11:41 - 2013-02-22 10:22 - 00000000 ___DC C:\ProgramData\HP
2013-06-29 11:41 - 2013-02-13 14:02 - 00000000 ___DC C:\Program Files (x86)\StreamTransport
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2013-06-29 11:41 - 2012-12-26 13:16 - 00000000 ___DC C:\ProgramData\Wacom
2013-06-29 11:41 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files (x86)\TabletPlugins
2013-06-29 11:41 - 2012-12-04 17:53 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-06-29 11:41 - 2012-11-14 23:07 - 00000000 ___DC C:\Program Files (x86)\Scrivener
2013-06-29 11:41 - 2012-09-01 20:47 - 00000000 ___DC C:\Program Files (x86)\MKVToolNix
2013-06-29 11:41 - 2012-08-13 15:59 - 00000000 ___DC C:\Program Files (x86)\XMind
2013-06-29 11:41 - 2012-08-08 13:47 - 00000000 ___DC C:\Program Files (x86)\MyPhoneExplorer
2013-06-29 11:41 - 2012-07-13 00:25 - 00000000 ___DC C:\ProgramData\Avira
2013-06-29 11:41 - 2012-07-04 13:38 - 00000000 ___DC C:\ProgramData\Vodafone
2013-06-29 11:41 - 2012-06-04 16:41 - 00000000 ___DC C:\Program Files (x86)\Wunderlist
2013-06-29 11:41 - 2012-05-19 11:19 - 00000000 ___DC C:\Program Files (x86)\SABnzbd
2013-06-29 11:41 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-06-29 11:41 - 2012-04-28 22:44 - 00000000 ___DC C:\Program Files (x86)\Stanza
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala OverlayIcons
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala CBFS
2013-06-29 11:41 - 2012-04-27 10:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-06-29 11:41 - 2012-04-27 00:25 - 00000000 ___DC C:\Program Files (x86)\obj
2013-06-29 11:41 - 2012-04-26 23:05 - 00000000 __SDC C:\Program Files (x86)\Total CMA Pack
2013-06-29 11:41 - 2012-04-26 22:40 - 00000000 ___DC C:\ProgramData\eDocPrintPro
2013-06-29 11:41 - 2012-04-26 22:11 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-29 11:41 - 2012-04-26 08:07 - 00000000 ___DC C:\Program Files (x86)\PrivatVPN
2013-06-29 11:41 - 2012-04-25 14:49 - 00000000 ___DC C:\users\Admin
2013-06-29 11:41 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2013-06-29 11:40 - 2013-05-09 19:23 - 00000000 ___DC C:\Program Files (x86)\Kunigunde
2013-06-29 11:40 - 2013-04-29 15:16 - 00000000 ___DC C:\Program Files\pia_manager
2013-06-29 11:40 - 2013-02-22 10:24 - 00000000 ___DC C:\Program Files (x86)\HP
2013-06-29 11:40 - 2012-12-26 13:20 - 00000000 ___DC C:\Program Files\TabletPlugins
2013-06-29 11:40 - 2012-12-26 13:15 - 00000000 ___DC C:\Program Files (x86)\Bamboo Dock
2013-06-29 11:40 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files\Tablet
2013-06-29 11:40 - 2012-11-16 16:48 - 00000000 ___DC C:\Program Files (x86)\Exact Audio Copy
2013-06-29 11:40 - 2012-09-14 12:08 - 00000000 ___DC C:\Program Files (x86)\A-PDF Page Cut
2013-06-29 11:40 - 2012-09-04 00:31 - 00000000 ___DC C:\Program Files (x86)\Maketorrent 2
2013-06-29 11:40 - 2012-06-28 08:30 - 00000000 ___DC C:\Program Files\Unlocker
2013-06-29 11:40 - 2012-06-20 10:47 - 00000000 ___DC C:\Program Files (x86)\3DataManager
2013-06-29 11:40 - 2012-06-02 23:41 - 00000000 ___DC C:\Program Files (x86)\focus booster
2013-06-29 11:40 - 2012-05-27 15:07 - 00000000 ___DC C:\Program Files (x86)\FileZilla FTP Client
2013-06-29 11:40 - 2012-05-25 14:21 - 00000000 ___DC C:\Program Files (x86)\ImgBurn
2013-06-29 11:40 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-06-29 11:40 - 2012-04-28 09:30 - 00000000 ___DC C:\Program Files (x86)\KaraNet Client
2013-06-29 11:40 - 2012-04-28 09:01 - 00000000 ___DC C:\Program Files (x86)\MediaMonkey
2013-06-29 11:40 - 2012-04-27 11:04 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-06-29 11:40 - 2012-04-27 10:12 - 00000000 ___DC C:\Program Files (x86)\MagicDisc
2013-06-29 11:40 - 2012-04-27 00:07 - 00000000 ___DC C:\Program Files\TrueCrypt
2013-06-29 11:40 - 2012-04-26 23:43 - 00000000 ___DC C:\Program Files (x86)\GonVisor
2013-06-29 11:40 - 2012-04-26 23:02 - 00000000 ___DC C:\Program Files (x86)\Apple Software Update
2013-06-29 11:40 - 2012-04-26 22:39 - 00000000 ___DC C:\Program Files (x86)\Calibre2
2013-06-29 11:40 - 2012-04-26 13:33 - 00000000 ___DC C:\Program Files\TeraCopy
2013-06-29 11:40 - 2012-04-25 15:13 - 00000000 ___DC C:\Program Files (x86)\Dolby Home Theater v4
2013-06-29 11:40 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2013-06-29 11:39 - 2013-04-21 10:36 - 00000000 ___DC C:\Program Files\ATI Technologies
2013-06-29 11:39 - 2013-04-16 11:00 - 00000000 ___DC C:\Program Files\File Shredder
2013-06-29 11:39 - 2013-03-28 19:21 - 00000000 ___DC C:\Program Files\CCleaner
2013-06-29 11:39 - 2013-02-25 00:31 - 00000000 ___DC C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-29 11:39 - 2012-10-17 22:13 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2013-06-29 11:39 - 2012-08-01 21:29 - 00000000 ___DC C:\firearms
2013-06-29 11:39 - 2012-04-27 10:38 - 00000000 ___DC C:\Program Files\Microsoft Office
2013-06-29 11:39 - 2012-04-26 23:41 - 00000000 ___DC C:\Program Files\7-Zip
2013-06-27 01:41 - 2012-04-26 22:06 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Mozilla
2013-06-25 11:01 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\System32\FxsTmp
2013-06-25 10:56 - 2013-05-02 10:52 - 00083672 ___AC (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-20 22:36 - 2012-04-26 23:00 - 00000000 ___DC C:\Program Files (x86)\Java
2013-06-20 12:00 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\System32\NDF
2013-06-10 18:26 - 2013-06-10 18:16 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 08:35 - 2012-04-27 10:56 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Google
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:28

==================== End Of Log ============================
--- --- ---

--- --- ---



Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01
Ran by Janus at 2013-06-30 15:43:57
Running from D:\Janus\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29677)
64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (x32 Version: 1.00.0000)
6500_E709_Help (x32 Version: 1.00.0000)
6500_E709n (x32 Version: 140.0.000.000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80416.1146)
A-PDF Page Cut (x32)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Avery Wizard 4.0 (Version: 4.0.201)
Avira Antivirus Premium (x32 Version: 13.0.0.3736)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
Bamboo Tablets Tutorial (x32 Version: 3.0.20)
Bing Bar (x32 Version: 5.0.1449.0)
Bing Bar Platform (x32 Version: 5.0.1449.0)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
calibre (x32 Version: 0.9.30)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Localization All (x32 Version: 2013.0416.1149.19347)
CCC Help Chinese Standard (x32 Version: 2013.0416.1148.19347)
CCC Help Chinese Traditional (x32 Version: 2013.0416.1148.19347)
CCC Help Czech (x32 Version: 2013.0416.1148.19347)
CCC Help Danish (x32 Version: 2013.0416.1148.19347)
CCC Help Dutch (x32 Version: 2013.0416.1148.19347)
CCC Help English (x32 Version: 2013.0416.1148.19347)
CCC Help Finnish (x32 Version: 2013.0416.1148.19347)
CCC Help French (x32 Version: 2013.0416.1148.19347)
CCC Help German (x32 Version: 2013.0416.1148.19347)
CCC Help Greek (x32 Version: 2013.0416.1148.19347)
CCC Help Hungarian (x32 Version: 2013.0416.1148.19347)
CCC Help Italian (x32 Version: 2013.0416.1148.19347)
CCC Help Japanese (x32 Version: 2013.0416.1148.19347)
CCC Help Korean (x32 Version: 2013.0416.1148.19347)
CCC Help Norwegian (x32 Version: 2013.0416.1148.19347)
CCC Help Polish (x32 Version: 2013.0416.1148.19347)
CCC Help Portuguese (x32 Version: 2013.0416.1148.19347)
CCC Help Russian (x32 Version: 2013.0416.1148.19347)
CCC Help Spanish (x32 Version: 2013.0416.1148.19347)
CCC Help Swedish (x32 Version: 2013.0416.1148.19347)
CCC Help Thai (x32 Version: 2013.0416.1148.19347)
CCC Help Turkish (x32 Version: 2013.0416.1148.19347)
ccc-utility64 (Version: 2013.0416.1149.19347)
CCleaner (Version: 4.00)
Creative Centrale (x32 Version: 1.19.02)
Creative Software Update (x32 Version: 1.03.01)
Creative ZEN MX Dokumentation (x32)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
Dropbox (HKCU Version: 2.0.22)
eDocPrintPro v3.17.5 (Version: 3.17.5)
Etron USB3.0 Host Controller (x32 Version: 0.109)
EuroTalk Talk Now! (x32 Version: 2.5.6.1)
Everything 1.2.1.371 (x32)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
Fax (x32 Version: 140.0.213.000)
File Shredder 2.5
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
focus booster (x32 Version: 1.2)
Foxit Reader (x32 Version: 6.0.3.524)
FreeCAD 0.13 (x32 Version: 0.13.1828)
GonVisor 2.22.01 (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Talk Plugin (x32 Version: 4.1.3.13728)
Google Update Helper (x32 Version: 1.3.21.145)
GPBaseService2 (x32 Version: 140.0.212.000)
Gpg4win (2.1.1-34299-beta) (x32 Version: 2.1.1-34299-beta)
gs_x64 (Version: 9.00)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.1.21.1134)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kcast Desktop (x32 Version: 1.2.5)
Kunigunde V1.5 (x32)
MagicDisc 2.7.106 (x32)
MakeTorrent v2.1 (x32)
MarketResearch (x32 Version: 140.0.214.000)
marvell 91xx driver (x32 Version: 1.2.0.1027)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0)
MKVToolNix 5.7.0 (x32 Version: 5.7.0)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MyPhoneExplorer (x32 Version: 1.8.4)
Network Meter version 9.0 (x32 Version: 9.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
NirSoft BlueScreenView (x32)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Picasa 3 (x32 Version: 3.9)
PicGrab 2.8.0 (x32 Version: 2.8.0)
Private Internet Access Support Files (x32 Version: 1.0.0.0)
ProductContext (x32 Version: 140.0.000.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
RockTrader Pro (x32 Version: 2.60.12.0)
SABnzbd 0.6.15 (x32 Version: 0.6.15)
Scan (x32 Version: 140.0.167.000)
Scrivener Update (x32 Version: 1530)
Shop for HP Supplies (Version: 14.0)
SketchUp 8 (x32 Version: 3.0.16846)
Skype™ 6.0 (x32 Version: 6.0.126)
SmartWebPrinting (x32 Version: 140.0.213.000)
Sniper Elite V2 (x32)
SolutionCenter (x32 Version: 140.0.214.000)
Sony Ericsson Update Engine (x32 Version: 2.12.9.24)
Sony PC Companion 2.10.136 (x32 Version: 2.10.136)
Stanza (x32)
Status (x32 Version: 140.0.256.000)
StreamTransport version: 1.0.2.2171 (x32)
swMSM (x32 Version: 12.0.0.1)
TeraCopy 2.27
Toolbox (x32 Version: 140.0.428.000)
Total CMA Pack 0.57 (x32 Version: 0.57)
TrayApp (x32 Version: 140.0.213.000)
Tresorit (x32 Version: 0.5.1.76)
Trillian (x32)
TrueCrypt (x32 Version: 7.0a)
TV Rename (x32)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 2.0.5 (x32 Version: 2.0.5)
WebReg (x32 Version: 140.0.213.017)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Winsome File Renamer version 8.0 (x32 Version: 8.0)
Wuala (HKCU Version: 1.0.391.0)
Wuala CBFS (x32 Version: 3.2.107.0)
Wuala OverlayIcons (x32 Version: 1.0.0.2)
Wunderlist (x32 Version: 1.2.4)
XAMPP 1.7.7 (x32)
XMind (x32 Version: 3.2.1)

==================== Restore Points  =========================

29-06-2013 15:55:25 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {01792268-5C68-4FEC-8F82-4D56BE7D3A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005UA => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {244EE4B7-C66D-4ECC-87DF-B1A8BA7A736F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3E99FBE2-6E9B-4051-AF64-6FC3B53E582E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {440A253A-335D-4B8D-82B9-E33E4C7E5400} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {529FD398-3CE9-4227-9348-4963D308265F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {6B071159-27A4-4143-A516-88D387369CF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005Core => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {9B830A6A-5E21-4991-B036-FD348A27AA43} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {9CF32335-79C5-4916-86FE-3EC24A348030} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A254FDB5-C31A-4F69-BAC4-00385FEE19B4} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {A83155CC-0144-4AE0-9483-BF6125CEB320} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2013-06-17] ()
Task: {A99795E5-E3F9-4F66-8B71-ED4EB0C7732F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe No File
Task: {A997C77B-1336-44A7-B855-D7FBC4393CD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No File
Task: {BD315DF7-68B7-4596-8959-562FF79731C9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C21E4323-62C6-4C17-B5D6-5C1BE0A27C7F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D6E82B07-3B6D-4B9C-BB2D-58F40FEEB302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe No File
Task: {DF8D21CD-0174-489C-9663-CD2A54FEF7B2} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => C:\Windows\System32\rundll32.exe [2009-07-14] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2013 03:42:17 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 02:03:18 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 11:56:45 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 11:13:10 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 10:16:19 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 09:53:19 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 09:04:07 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/30/2013 08:36:29 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/29/2013 07:36:44 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error: (06/29/2013 03:56:16 PM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.


System errors:
=============
Error: (06/30/2013 02:47:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet:
%%193

Error: (06/30/2013 02:05:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/30/2013 02:03:28 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (06/30/2013 02:03:17 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?30.?06.?2013 um 12:39:44 unerwartet heruntergefahren.

Error: (06/30/2013 11:58:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/30/2013 11:56:45 AM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8a7e4f69e, 0xb3b7465efa633170, 0xfffff80000b95080, 0x0000000000000002)C:\Windows\MEMORY.DMP063013-13868-01

Error: (06/30/2013 11:56:44 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?30.?06.?2013 um 11:26:10 unerwartet heruntergefahren.

Error: (06/30/2013 11:15:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/30/2013 10:18:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/30/2013 09:55:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (06/30/2013 03:42:17 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 02:03:18 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 11:56:45 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 11:13:10 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 10:16:19 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 09:53:19 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 09:04:07 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/30/2013 08:36:29 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/29/2013 07:36:44 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (06/29/2013 03:56:16 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000


CodeIntegrity Errors:
===================================
  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 8109.11 MB
Available physical RAM: 6727.19 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 14742.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:55.9 GB) (Free:25.85 GB) NTFS (Disk=1 Partition=1)
Drive d: (Sparta) (Fixed) (Total:1863.01 GB) (Free:166.06 GB) NTFS (Disk=0 Partition=1)
Drive e: (Bruce) (Fixed) (Total:279.46 GB) (Free:82.79 GB) NTFS (Disk=4 Partition=1)
Drive f: (Goliath) (Fixed) (Total:1397.26 GB) (Free:112.46 GB) NTFS (Disk=3 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (Merkur) (Fixed) (Total:931.51 GB) (Free:372.05 GB) NTFS (Disk=2 Partition=1)
Drive i: (10.3.2.34962_RC1) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive k: (Stick) (Removable) (Total:1.92 GB) (Free:1.61 GB) NTFS (Disk=6 Partition=1)
Drive n: (System) (Network) (Total:465.76 GB) (Free:155.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 3CF29E19)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: EA7161DD)
Partition 1: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D1E1D1D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DD5108FA)
Partition 1: (Active) - (Size=-698723990528) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: AAF0AAF0)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Ich hoffe damit dir (und der Problemlösung) geholfen zu haben... ;)
Wenn ich noch weiter helfen kann, bitte melden.
DANKE. :)

schrauber 30.06.2013 16:11
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Panthera7 30.06.2013 17:38
Ok, auch erledigt...

--- Die Logdatei ist als zip angehängt, da sie offenbar zu lang ist... ---

Ich hoffe das hilft...
Ich sehe noch keine Änderungen, aber wenn diese Analyse-Tools (euch) helfen, ok...

Kann mir vielleicht auch wer (bei Gelegenheit) erklären was eigentlich das Problem / die Ursache für diese Schlamassel ist? Danke. :)

schrauber 30.06.2013 19:37
Bitte noch die Datei

C:\Qoobox\ComboFix-quarantined-files.txt 2013-06-30 16:23
posten. Wenn möglich in den Thread.

Panthera7 30.06.2013 19:42
Sie wünschen ... ich poste... ;)

Code:
2013-06-30 16:04:22 . 2013-06-30 16:04:23              512 -c--a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-06-30 16:03:49 . 2013-06-30 16:03:49            1,034 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Wuala.reg.dat
2013-06-30 16:03:49 . 2013-06-30 16:03:49            2,554 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Dropbox.reg.dat
2013-06-30 16:03:49 . 2013-06-30 16:03:49              832 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Wacom WebTabletPlugin for Internet Explorer and Netscape.reg.dat
2013-06-30 16:03:44 . 2013-06-30 16:03:44              80 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BCSSync.reg.dat
2013-06-30 16:03:42 . 2013-06-30 16:03:42              439 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96}.reg.dat
2013-06-30 16:03:38 . 2013-06-30 16:03:38              175 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-QuickTime Task.reg.dat
2013-06-30 16:03:38 . 2013-06-30 16:03:38              224 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Microsoft Default Manager.reg.dat
2013-06-30 16:03:38 . 2013-06-30 16:03:38              194 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-StartCCC.reg.dat
2013-06-30 16:03:38 . 2013-06-30 16:03:38              198 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-APSDaemon.reg.dat
2013-06-30 16:03:37 . 2013-06-30 16:03:37              162 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Skype.reg.dat
2013-06-30 15:58:48 . 2013-06-30 16:19:16            7,419 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-30 15:56:51 . 2013-06-30 16:17:23              102 -c--a-w-  C:\Qoobox\Quarantine\catchme.log

schrauber 30.06.2013 19:54
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.

Panthera7 30.06.2013 20:31
Adwcleaner:

Code:
# AdwCleaner v2.303 - Datei am 30/06/2013 um 21:05:38 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Janus - MAGNUS
# Bootmodus : Normal
# Ausgeführt unter : D:\Janus\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\526dcdee13fed10
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

-\\ Google Chrome v27.0.1453.116

*************************

AdwCleaner[S1].txt - [2896 octets] - [30/06/2013 21:05:38]

########## EOF - C:\AdwCleaner[S1].txt - [2956 octets] ##########

Junkware:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Janus on 30.06.2013 at 21:14:29,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2013 at 21:16:11,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Den JRT Scan mußte ich 2x machen da das Log nicht automatisch gespeichert wird und ich den Editor zu schnell wieder geschlosen hatte... :( Beim 2. Mal habe ich das Log dann manuell gespeichert. Ich hoffe das verursacht keine Probleme...

FRST neu:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Janus (administrator) on 30-06-2013 21:19:56
Running from D:\Janus\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKCU\...\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [09A805B4B4084C6D2883140717841177DEF7C9D3._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-15] (Google Inc.)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [1045072 2013-05-29] (BitTorrent Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Admin\...\Run: [PrivatVPN] C:\Program Files (x86)\PrivatVPN\PrivatVPN.exe [x]
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {16FFE4DA-54CA-498B-AB19-A708675A4044} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {44E18901-B77A-4FD4-9CF9-4873517C831F} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {F724C14F-F0A9-4C6C-AAE0-08C6F2DC5EA5} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL No File
Tcpip\..\Interfaces\{A6232BBA-B895-48DA-ABD2-E2B7C93F8ABF}: [NameServer]213.94.78.17 213.94.78.16
Tcpip\..\Interfaces\{E9ED39F1-AE6A-4ADB-8B49-DCE1DCB71DAB}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\2k78lphr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.at/ig
CHR DefaultSearchURL: (DuckDuckGo) - https://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: (DuckDuckGo) -      "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjmngbfeoahignmbagincnmpgodpfjm\2013.4.13.52243_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhmlplceigplahbkhifeaeinaeppccef\1.3.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjkppdfofjnpcbnkkangbhanjdnoocd\2.81_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\0.6.0.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\0.9.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke\0.6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjokggmkajmbofnianfkfnnllmgfpge\2013.4.10.27705_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.612.433.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 FileZilla Server; C:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [0 2013-06-29] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 cphs; %SystemRoot%\SysWow64\IntelCpHeciSvc.exe [x]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-02-22] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                          )
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [78336 2012-05-24] (ZTE)
S3 zte_cdc_ecm; C:\Windows\System32\DRIVERS\zte_cdc_ecm.sys [52224 2012-05-24] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2012-05-24] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\DRIVERS\zte_ecm_enum.sys [53248 2012-05-24] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\zte_ecm_enum_filter.sys [53248 2012-05-24] (ZTE)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 21:16 - 2013-06-30 21:16 - 00000621 ___AC C:\Users\Janus.Magnus\Desktop\JRT.txt
2013-06-30 21:08 - 2013-06-30 21:14 - 00000000 ___DC C:\JRT
2013-06-30 21:08 - 2013-06-30 21:08 - 00000000 ___DC C:\Windows\ERUNT
2013-06-30 21:05 - 2013-06-30 21:05 - 00002997 ___AC C:\AdwCleaner[S1].txt
2013-06-30 18:16 - 2013-06-30 21:07 - 00000022 ___AC C:\Windows\S.dirmngr
2013-06-30 18:06 - 2013-06-30 21:07 - 00001426 ___AC C:\Windows\PFRO.log
2013-06-30 17:56 - 2013-06-30 18:23 - 00000000 ___DC C:\Qoobox
2013-06-30 17:56 - 2013-06-30 18:00 - 00000000 ___DC C:\Windows\erdnt
2013-06-30 17:56 - 2011-06-26 08:45 - 00256000 ___AC C:\Windows\PEV.exe
2013-06-30 17:56 - 2010-11-07 19:20 - 00208896 ___AC C:\Windows\MBR.exe
2013-06-30 17:56 - 2009-04-20 06:56 - 00060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00518144 ___AC (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00406528 ___AC (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00098816 ___AC C:\Windows\sed.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00080412 ___AC C:\Windows\grep.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00068096 ___AC C:\Windows\zip.exe
2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 09:54 - 2013-06-30 10:14 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-06-30 21:07 - 00005432 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-06-29 13:01 - 2013-06-30 21:07 - 00001792 ___AC C:\Windows\setupact.log
2013-06-29 13:01 - 2013-06-30 21:07 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 18:16 - 2013-06-10 18:26 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-03 22:22 - 2013-06-29 11:41 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer
2013-05-31 08:21 - 2013-06-29 11:41 - 00000000 ___DC C:\Program Files (x86)\TVRename

==================== One Month Modified Files and Folders =======

2013-06-30 21:16 - 2013-06-30 21:16 - 00000621 ___AC C:\Users\Janus.Magnus\Desktop\JRT.txt
2013-06-30 21:14 - 2013-06-30 21:08 - 00000000 ___DC C:\JRT
2013-06-30 21:11 - 2009-07-14 19:58 - 00696620 ___AC C:\Windows\System32\perfh007.dat
2013-06-30 21:11 - 2009-07-14 19:58 - 00147916 ___AC C:\Windows\System32\perfc007.dat
2013-06-30 21:11 - 2009-07-14 07:13 - 01612484 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-30 21:08 - 2013-06-30 21:08 - 00000000 ___DC C:\Windows\ERUNT
2013-06-30 21:08 - 2012-04-26 21:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\uTorrent
2013-06-30 21:07 - 2013-06-30 18:16 - 00000022 ___AC C:\Windows\S.dirmngr
2013-06-30 21:07 - 2013-06-30 18:06 - 00001426 ___AC C:\Windows\PFRO.log
2013-06-30 21:07 - 2013-06-29 13:01 - 00005432 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-06-30 21:07 - 2013-06-29 13:01 - 00001792 ___AC C:\Windows\setupact.log
2013-06-30 21:07 - 2013-06-29 13:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-30 21:07 - 2013-04-21 11:21 - 00000497 ___AC C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-30 21:06 - 2012-04-25 14:51 - 00126791 ___AC C:\Windows\WindowsUpdate.log
2013-06-30 21:05 - 2013-06-30 21:05 - 00002997 ___AC C:\AdwCleaner[S1].txt
2013-06-30 18:23 - 2013-06-30 17:56 - 00000000 ___DC C:\Qoobox
2013-06-30 18:00 - 2013-06-30 17:56 - 00000000 ___DC C:\Windows\erdnt
2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 11:56 - 2012-07-03 10:43 - 00000000 ___DC C:\Windows\Minidump
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 10:50 - 2012-04-26 13:27 - 00000000 ___DC C:\users\Janus.Magnus
2013-06-30 10:14 - 2013-06-30 09:54 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:35 - 2009-07-14 05:20 - 00000000 __RDC C:\Users\Public\Libraries
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-29 13:01 - 2012-12-26 13:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wacom
2013-06-29 13:01 - 2012-12-26 13:14 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\WTablet
2013-06-29 13:00 - 2012-04-26 21:58 - 00000000 ___DC C:\Program Files (x86)\Trillian
2013-06-29 11:47 - 2012-05-26 14:18 - 00000000 ___DC C:\xampp
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\user32.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\systemcpl.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slwga.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slui.exe
2013-06-29 11:47 - 2009-07-14 01:52 - 00000000 ____A C:\Windows\System32\sppuinotify.dll
2013-06-29 11:46 - 2012-04-25 15:46 - 00000000 ___DC C:\Windows\Panther
2013-06-29 11:46 - 2012-04-25 15:13 - 00000000 ___DC C:\Windows\SysWOW64\RTCOM
2013-06-29 11:46 - 2009-07-14 20:18 - 00000000 ___DC C:\Windows\ShellNew
2013-06-29 11:46 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\Offline Web Pages
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 _RSDC C:\Windows\Media
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\TAPI
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Recovery
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\Registration
2013-06-29 11:45 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wuala
2013-06-29 11:45 - 2012-04-27 00:25 - 00000000 ___DC C:\Windows\GBD
2013-06-29 11:45 - 2012-04-27 00:11 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TrueCrypt
2013-06-29 11:45 - 2012-04-26 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\vlc
2013-06-29 11:45 - 2009-07-14 20:18 - 00000000 __RDC C:\Users\Public\Recorded TV
2013-06-29 11:44 - 2013-01-06 18:59 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Stereoscopic Player
2013-06-29 11:44 - 2012-12-04 17:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Skype
2013-06-29 11:44 - 2012-11-21 13:41 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\ProgSense
2013-06-29 11:44 - 2012-11-21 13:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Orbit
2013-06-29 11:44 - 2012-08-08 13:47 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MyPhoneExplorer
2013-06-29 11:44 - 2012-04-26 13:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TeraCopy
2013-06-29 11:44 - 2011-08-04 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Thunderbird
2013-06-29 11:43 - 2013-05-03 07:46 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FreeCAD
2013-06-29 11:43 - 2013-03-29 10:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\gnupg
2013-06-29 11:43 - 2013-02-22 10:24 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HpUpdate
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\EAC
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\AccurateRip
2013-06-29 11:43 - 2012-09-23 13:21 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HD Tune Pro
2013-06-29 11:43 - 2012-05-27 15:07 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FileZilla
2013-06-29 11:43 - 2012-05-07 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\dvdcss
2013-06-29 11:43 - 2012-04-28 09:02 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MediaMonkey
2013-06-29 11:43 - 2012-04-28 08:49 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Dropbox
2013-06-29 11:43 - 2012-04-26 23:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\GonVisor
2013-06-29 11:43 - 2012-04-14 00:04 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\calibre
2013-06-29 11:42 - 2013-03-12 17:27 - 00000000 ___DC C:\Users\Janus.Magnus\.android
2013-06-29 11:42 - 2012-10-18 23:22 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\SniperV2
2013-06-29 11:42 - 2012-05-19 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\sabnzbd
2013-06-29 11:42 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Wuala
2013-06-29 11:42 - 2012-04-26 23:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\GHISLER
2013-06-29 11:42 - 2009-07-14 05:20 - 00000000 __RDC C:\users\Default
2013-06-29 11:41 - 2013-06-03 22:22 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-29 11:41 - 2013-05-31 08:21 - 00000000 ___DC C:\Program Files (x86)\TVRename
2013-06-29 11:41 - 2013-05-24 09:57 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 11:41 - 2013-05-21 22:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-06-29 11:41 - 2013-03-11 00:14 - 00000000 ___DC C:\Program Files (x86)\PicGrab
2013-06-29 11:41 - 2013-03-10 23:55 - 00000000 ___DC C:\Program Files (x86)\Mihov Picture Downloader
2013-06-29 11:41 - 2013-02-22 11:34 - 00000000 ___DC C:\ProgramData\HP Product Assistant
2013-06-29 11:41 - 2013-02-22 10:34 - 00000000 ___DC C:\ProgramData\WEBREG
2013-06-29 11:41 - 2013-02-22 10:22 - 00000000 ___DC C:\ProgramData\HP
2013-06-29 11:41 - 2013-02-13 14:02 - 00000000 ___DC C:\Program Files (x86)\StreamTransport
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2013-06-29 11:41 - 2012-12-26 13:16 - 00000000 ___DC C:\ProgramData\Wacom
2013-06-29 11:41 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files (x86)\TabletPlugins
2013-06-29 11:41 - 2012-12-04 17:53 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-06-29 11:41 - 2012-11-14 23:07 - 00000000 ___DC C:\Program Files (x86)\Scrivener
2013-06-29 11:41 - 2012-09-01 20:47 - 00000000 ___DC C:\Program Files (x86)\MKVToolNix
2013-06-29 11:41 - 2012-08-13 15:59 - 00000000 ___DC C:\Program Files (x86)\XMind
2013-06-29 11:41 - 2012-08-08 13:47 - 00000000 ___DC C:\Program Files (x86)\MyPhoneExplorer
2013-06-29 11:41 - 2012-07-04 13:38 - 00000000 ___DC C:\ProgramData\Vodafone
2013-06-29 11:41 - 2012-06-04 16:41 - 00000000 ___DC C:\Program Files (x86)\Wunderlist
2013-06-29 11:41 - 2012-05-19 11:19 - 00000000 ___DC C:\Program Files (x86)\SABnzbd
2013-06-29 11:41 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-06-29 11:41 - 2012-04-28 22:44 - 00000000 ___DC C:\Program Files (x86)\Stanza
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala OverlayIcons
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala CBFS
2013-06-29 11:41 - 2012-04-27 10:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-06-29 11:41 - 2012-04-27 00:25 - 00000000 ___DC C:\Program Files (x86)\obj
2013-06-29 11:41 - 2012-04-26 23:05 - 00000000 __SDC C:\Program Files (x86)\Total CMA Pack
2013-06-29 11:41 - 2012-04-26 22:40 - 00000000 ___DC C:\ProgramData\eDocPrintPro
2013-06-29 11:41 - 2012-04-26 22:11 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-29 11:41 - 2012-04-26 08:07 - 00000000 ___DC C:\Program Files (x86)\PrivatVPN
2013-06-29 11:41 - 2012-04-25 14:49 - 00000000 ___DC C:\users\Admin
2013-06-29 11:41 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2013-06-29 11:40 - 2013-05-09 19:23 - 00000000 ___DC C:\Program Files (x86)\Kunigunde
2013-06-29 11:40 - 2013-04-29 15:16 - 00000000 ___DC C:\Program Files\pia_manager
2013-06-29 11:40 - 2013-02-22 10:24 - 00000000 ___DC C:\Program Files (x86)\HP
2013-06-29 11:40 - 2012-12-26 13:20 - 00000000 ___DC C:\Program Files\TabletPlugins
2013-06-29 11:40 - 2012-12-26 13:15 - 00000000 ___DC C:\Program Files (x86)\Bamboo Dock
2013-06-29 11:40 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files\Tablet
2013-06-29 11:40 - 2012-11-16 16:48 - 00000000 ___DC C:\Program Files (x86)\Exact Audio Copy
2013-06-29 11:40 - 2012-09-14 12:08 - 00000000 ___DC C:\Program Files (x86)\A-PDF Page Cut
2013-06-29 11:40 - 2012-09-04 00:31 - 00000000 ___DC C:\Program Files (x86)\Maketorrent 2
2013-06-29 11:40 - 2012-06-28 08:30 - 00000000 ___DC C:\Program Files\Unlocker
2013-06-29 11:40 - 2012-06-20 10:47 - 00000000 ___DC C:\Program Files (x86)\3DataManager
2013-06-29 11:40 - 2012-06-02 23:41 - 00000000 ___DC C:\Program Files (x86)\focus booster
2013-06-29 11:40 - 2012-05-27 15:07 - 00000000 ___DC C:\Program Files (x86)\FileZilla FTP Client
2013-06-29 11:40 - 2012-05-25 14:21 - 00000000 ___DC C:\Program Files (x86)\ImgBurn
2013-06-29 11:40 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-06-29 11:40 - 2012-04-28 09:30 - 00000000 ___DC C:\Program Files (x86)\KaraNet Client
2013-06-29 11:40 - 2012-04-28 09:01 - 00000000 ___DC C:\Program Files (x86)\MediaMonkey
2013-06-29 11:40 - 2012-04-27 11:04 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-06-29 11:40 - 2012-04-27 10:12 - 00000000 ___DC C:\Program Files (x86)\MagicDisc
2013-06-29 11:40 - 2012-04-27 00:07 - 00000000 ___DC C:\Program Files\TrueCrypt
2013-06-29 11:40 - 2012-04-26 23:43 - 00000000 ___DC C:\Program Files (x86)\GonVisor
2013-06-29 11:40 - 2012-04-26 23:02 - 00000000 ___DC C:\Program Files (x86)\Apple Software Update
2013-06-29 11:40 - 2012-04-26 22:39 - 00000000 ___DC C:\Program Files (x86)\Calibre2
2013-06-29 11:40 - 2012-04-26 13:33 - 00000000 ___DC C:\Program Files\TeraCopy
2013-06-29 11:40 - 2012-04-25 15:13 - 00000000 ___DC C:\Program Files (x86)\Dolby Home Theater v4
2013-06-29 11:40 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2013-06-29 11:39 - 2013-04-21 10:36 - 00000000 ___DC C:\Program Files\ATI Technologies
2013-06-29 11:39 - 2013-04-16 11:00 - 00000000 ___DC C:\Program Files\File Shredder
2013-06-29 11:39 - 2013-03-28 19:21 - 00000000 ___DC C:\Program Files\CCleaner
2013-06-29 11:39 - 2013-02-25 00:31 - 00000000 ___DC C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-29 11:39 - 2012-10-17 22:13 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2013-06-29 11:39 - 2012-08-01 21:29 - 00000000 ___DC C:\firearms
2013-06-29 11:39 - 2012-04-27 10:38 - 00000000 ___DC C:\Program Files\Microsoft Office
2013-06-29 11:39 - 2012-04-26 23:41 - 00000000 ___DC C:\Program Files\7-Zip
2013-06-27 01:41 - 2012-04-26 22:06 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Mozilla
2013-06-25 11:01 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\System32\FxsTmp
2013-06-20 22:36 - 2012-04-26 23:00 - 00000000 ___DC C:\Program Files (x86)\Java
2013-06-20 12:00 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\System32\NDF
2013-06-10 18:26 - 2013-06-10 18:16 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 08:35 - 2012-04-27 10:56 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Google
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:28

==================== End Of Log ============================
--- --- ---

--- --- ---



FRST Addition neu:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01
Ran by Janus at 2013-06-30 21:20:14
Running from D:\Janus\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29677)
64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (x32 Version: 1.00.0000)
6500_E709_Help (x32 Version: 1.00.0000)
6500_E709n (x32 Version: 140.0.000.000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80416.1146)
A-PDF Page Cut (x32)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Avery Wizard 4.0 (Version: 4.0.201)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
Bamboo Tablets Tutorial (x32 Version: 3.0.20)
Bing Bar (x32 Version: 5.0.1449.0)
Bing Bar Platform (x32 Version: 5.0.1449.0)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
calibre (x32 Version: 0.9.30)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Localization All (x32 Version: 2013.0416.1149.19347)
CCC Help Chinese Standard (x32 Version: 2013.0416.1148.19347)
CCC Help Chinese Traditional (x32 Version: 2013.0416.1148.19347)
CCC Help Czech (x32 Version: 2013.0416.1148.19347)
CCC Help Danish (x32 Version: 2013.0416.1148.19347)
CCC Help Dutch (x32 Version: 2013.0416.1148.19347)
CCC Help English (x32 Version: 2013.0416.1148.19347)
CCC Help Finnish (x32 Version: 2013.0416.1148.19347)
CCC Help French (x32 Version: 2013.0416.1148.19347)
CCC Help German (x32 Version: 2013.0416.1148.19347)
CCC Help Greek (x32 Version: 2013.0416.1148.19347)
CCC Help Hungarian (x32 Version: 2013.0416.1148.19347)
CCC Help Italian (x32 Version: 2013.0416.1148.19347)
CCC Help Japanese (x32 Version: 2013.0416.1148.19347)
CCC Help Korean (x32 Version: 2013.0416.1148.19347)
CCC Help Norwegian (x32 Version: 2013.0416.1148.19347)
CCC Help Polish (x32 Version: 2013.0416.1148.19347)
CCC Help Portuguese (x32 Version: 2013.0416.1148.19347)
CCC Help Russian (x32 Version: 2013.0416.1148.19347)
CCC Help Spanish (x32 Version: 2013.0416.1148.19347)
CCC Help Swedish (x32 Version: 2013.0416.1148.19347)
CCC Help Thai (x32 Version: 2013.0416.1148.19347)
CCC Help Turkish (x32 Version: 2013.0416.1148.19347)
ccc-utility64 (Version: 2013.0416.1149.19347)
CCleaner (Version: 4.00)
Creative Centrale (x32 Version: 1.19.02)
Creative Software Update (x32 Version: 1.03.01)
Creative ZEN MX Dokumentation (x32)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
eDocPrintPro v3.17.5 (Version: 3.17.5)
Etron USB3.0 Host Controller (x32 Version: 0.109)
EuroTalk Talk Now! (x32 Version: 2.5.6.1)
Everything 1.2.1.371 (x32)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
Fax (x32 Version: 140.0.213.000)
File Shredder 2.5
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
focus booster (x32 Version: 1.2)
Foxit Reader (x32 Version: 6.0.3.524)
FreeCAD 0.13 (x32 Version: 0.13.1828)
GonVisor 2.22.01 (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Talk Plugin (x32 Version: 4.1.3.13728)
Google Update Helper (x32 Version: 1.3.21.145)
GPBaseService2 (x32 Version: 140.0.212.000)
Gpg4win (2.1.1-34299-beta) (x32 Version: 2.1.1-34299-beta)
gs_x64 (Version: 9.00)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.1.21.1134)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kcast Desktop (x32 Version: 1.2.5)
Kunigunde V1.5 (x32)
MagicDisc 2.7.106 (x32)
MakeTorrent v2.1 (x32)
MarketResearch (x32 Version: 140.0.214.000)
marvell 91xx driver (x32 Version: 1.2.0.1027)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0)
MKVToolNix 5.7.0 (x32 Version: 5.7.0)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MyPhoneExplorer (x32 Version: 1.8.4)
Network Meter version 9.0 (x32 Version: 9.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
NirSoft BlueScreenView (x32)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Picasa 3 (x32 Version: 3.9)
PicGrab 2.8.0 (x32 Version: 2.8.0)
Private Internet Access Support Files (x32 Version: 1.0.0.0)
ProductContext (x32 Version: 140.0.000.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
RockTrader Pro (x32 Version: 2.60.12.0)
SABnzbd 0.6.15 (x32 Version: 0.6.15)
Scan (x32 Version: 140.0.167.000)
Scrivener Update (x32 Version: 1530)
Shop for HP Supplies (Version: 14.0)
SketchUp 8 (x32 Version: 3.0.16846)
Skype™ 6.0 (x32 Version: 6.0.126)
SmartWebPrinting (x32 Version: 140.0.213.000)
Sniper Elite V2 (x32)
SolutionCenter (x32 Version: 140.0.214.000)
Sony Ericsson Update Engine (x32 Version: 2.12.9.24)
Sony PC Companion 2.10.136 (x32 Version: 2.10.136)
Stanza (x32)
Status (x32 Version: 140.0.256.000)
StreamTransport version: 1.0.2.2171 (x32)
swMSM (x32 Version: 12.0.0.1)
TeraCopy 2.27
Toolbox (x32 Version: 140.0.428.000)
Total CMA Pack 0.57 (x32 Version: 0.57)
TrayApp (x32 Version: 140.0.213.000)
Tresorit (x32 Version: 0.5.1.76)
Trillian (x32)
TrueCrypt (x32 Version: 7.0a)
TV Rename (x32)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 2.0.5 (x32 Version: 2.0.5)
WebReg (x32 Version: 140.0.213.017)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Winsome File Renamer version 8.0 (x32 Version: 8.0)
Wuala CBFS (x32 Version: 3.2.107.0)
Wuala OverlayIcons (x32 Version: 1.0.0.2)
Wunderlist (x32 Version: 1.2.4)
XAMPP 1.7.7 (x32)
XMind (x32 Version: 3.2.1)

==================== Restore Points  =========================

29-06-2013 15:55:25 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {01792268-5C68-4FEC-8F82-4D56BE7D3A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005UA => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {244EE4B7-C66D-4ECC-87DF-B1A8BA7A736F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3E99FBE2-6E9B-4051-AF64-6FC3B53E582E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {440A253A-335D-4B8D-82B9-E33E4C7E5400} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {529FD398-3CE9-4227-9348-4963D308265F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {6B071159-27A4-4143-A516-88D387369CF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005Core => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {9B830A6A-5E21-4991-B036-FD348A27AA43} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {9CF32335-79C5-4916-86FE-3EC24A348030} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A254FDB5-C31A-4F69-BAC4-00385FEE19B4} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {A83155CC-0144-4AE0-9483-BF6125CEB320} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2013-06-17] ()
Task: {A99795E5-E3F9-4F66-8B71-ED4EB0C7732F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe No File
Task: {A997C77B-1336-44A7-B855-D7FBC4393CD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No File
Task: {BD315DF7-68B7-4596-8959-562FF79731C9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C21E4323-62C6-4C17-B5D6-5C1BE0A27C7F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D6E82B07-3B6D-4B9C-BB2D-58F40FEEB302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe No File
Task: {DF8D21CD-0174-489C-9663-CD2A54FEF7B2} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => C:\Windows\System32\rundll32.exe [2009-07-14] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8109.11 MB
Available physical RAM: 6883.52 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 14932.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:55.9 GB) (Free:26.02 GB) NTFS (Disk=1 Partition=1)
Drive d: (Sparta) (Fixed) (Total:1863.01 GB) (Free:166.57 GB) NTFS (Disk=0 Partition=1)
Drive e: (Bruce) (Fixed) (Total:279.46 GB) (Free:82.79 GB) NTFS (Disk=4 Partition=1)
Drive f: (Goliath) (Fixed) (Total:1397.26 GB) (Free:112.46 GB) NTFS (Disk=3 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (Merkur) (Fixed) (Total:931.51 GB) (Free:372.04 GB) NTFS (Disk=2 Partition=1)
Drive i: (10.3.2.34962_RC1) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive k: (Stick) (Removable) (Total:1.92 GB) (Free:1.61 GB) NTFS (Disk=6 Partition=1)
Drive n: (System) (Network) (Total:465.76 GB) (Free:155.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 3CF29E19)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: EA7161DD)
Partition 1: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D1E1D1D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DD5108FA)
Partition 1: (Active) - (Size=-698723990528) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: AAF0AAF0)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Herzlichen Dank für deine Hilfe... :) Vielleicht schon eine Idee was hier eigentlich los ist?

schrauber 01.07.2013 07:21
Infektion mit Trojanern, aber das Meiste ist schon runter. Noch Probleme?


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Logfile bitte.

Panthera7 01.07.2013 11:40
Auf ein neues...

ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7581cc1651d1d24aaf13fb4d2deee669
# engine=14215
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-01 09:33:19
# local_time=2013-07-01 11:33:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 37157478 124301049 0 0
# scanned=363855
# found=2
# cleaned=0
# scan_time=10136
sh=FD498C22B58A2E737B403C42E98B0D0C0654F326 ft=1 fh=07f8ef1ba5839c5c vn="multiple threats" ac=I fn="D:\Janus\Downloads\Software\pdf + doc\Foxit Phantom\Foxit Phantom 2.2.3 + PDF Editor\[phantom-add-on] Foxit.PDF.Editor221.1119\FoxitPDFEditor221.1119_enu_Setup.exe"
sh=2EA5EA8EFA48EEB6332ED7345E8B2EB5F428B1B8 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="E:\Xperia\X 10\last apps\Solitaire_3.2.apk"
Was immer ESET da gefunden haben will... die dinger sind steinalt... das x10 hab ich schon seit monaten nicht mehr und diese foxit software ist auch schon sicher 1-2 Jahre alt...


Security Ceck Log:
Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25 
 Adobe Flash Player 11.7.700.224 
 Mozilla Firefox 21.0 Firefox out of Date! 
 Mozilla Thunderbird (17.0.6)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

neues FRST Log:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Janus (administrator) on 01-07-2013 12:12:47
Running from D:\Janus\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKCU\...\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-13] (Creative Technology Ltd)
HKCU\...\Run: [09A805B4B4084C6D2883140717841177DEF7C9D3._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-15] (Google Inc.)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [1045072 2013-05-29] (BitTorrent Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Admin\...\Run: [PrivatVPN] C:\Program Files (x86)\PrivatVPN\PrivatVPN.exe [x]
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU SearchScopes: DefaultScope {F724C14F-F0A9-4C6C-AAE0-08C6F2DC5EA5} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {16FFE4DA-54CA-498B-AB19-A708675A4044} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {44E18901-B77A-4FD4-9CF9-4873517C831F} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {F724C14F-F0A9-4C6C-AAE0-08C6F2DC5EA5} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL No File
Tcpip\..\Interfaces\{A6232BBA-B895-48DA-ABD2-E2B7C93F8ABF}: [NameServer]213.94.78.17 213.94.78.16
Tcpip\..\Interfaces\{E9ED39F1-AE6A-4ADB-8B49-DCE1DCB71DAB}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\Firefox\Profiles\2k78lphr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Janus.Magnus\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Janus.Magnus\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Janus.Magnus\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.at/ig
CHR DefaultSearchURL: (DuckDuckGo) - https://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: (DuckDuckGo) -      "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjmngbfeoahignmbagincnmpgodpfjm\2013.4.13.52243_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhmlplceigplahbkhifeaeinaeppccef\1.3.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\djjkppdfofjnpcbnkkangbhanjdnoocd\2.81_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa\0.6.0.6_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\0.9.1_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke\0.6.3_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjokggmkajmbofnianfkfnnllmgfpge\2013.4.10.27705_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.612.433.5_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
CHR Extension: () - C:\Users\Janus.Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 FileZilla Server; C:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [0 2013-06-29] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [x]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 cphs; %SystemRoot%\SysWow64\IntelCpHeciSvc.exe [x]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-02-22] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                          )
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [78336 2012-05-24] (ZTE)
S3 zte_cdc_ecm; C:\Windows\System32\DRIVERS\zte_cdc_ecm.sys [52224 2012-05-24] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2012-05-24] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\DRIVERS\zte_ecm_enum.sys [53248 2012-05-24] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\zte_ecm_enum_filter.sys [53248 2012-05-24] (ZTE)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 08:31 - 2013-07-01 08:31 - 00000022 ___AC C:\Windows\S.dirmngr
2013-06-30 21:16 - 2013-06-30 21:16 - 00000621 ___AC C:\Users\Janus.Magnus\Desktop\JRT.txt
2013-06-30 21:08 - 2013-06-30 21:14 - 00000000 ___DC C:\JRT
2013-06-30 21:08 - 2013-06-30 21:08 - 00000000 ___DC C:\Windows\ERUNT
2013-06-30 21:05 - 2013-06-30 21:05 - 00002997 ___AC C:\AdwCleaner[S1].txt
2013-06-30 18:06 - 2013-06-30 21:07 - 00001426 ___AC C:\Windows\PFRO.log
2013-06-30 17:56 - 2013-06-30 18:23 - 00000000 ___DC C:\Qoobox
2013-06-30 17:56 - 2013-06-30 18:00 - 00000000 ___DC C:\Windows\erdnt
2013-06-30 17:56 - 2011-06-26 08:45 - 00256000 ___AC C:\Windows\PEV.exe
2013-06-30 17:56 - 2010-11-07 19:20 - 00208896 ___AC C:\Windows\MBR.exe
2013-06-30 17:56 - 2009-04-20 06:56 - 00060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00518144 ___AC (SteelWerX) C:\Windows\SWREG.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00406528 ___AC (SteelWerX) C:\Windows\SWSC.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00098816 ___AC C:\Windows\sed.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00080412 ___AC C:\Windows\grep.exe
2013-06-30 17:56 - 2000-08-31 02:00 - 00068096 ___AC C:\Windows\zip.exe
2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 09:54 - 2013-06-30 10:14 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-07-01 12:01 - 00002520 ___AC C:\Windows\setupact.log
2013-06-29 13:01 - 2013-07-01 08:31 - 00005820 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-06-29 13:01 - 2013-07-01 08:31 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 18:16 - 2013-06-10 18:26 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-03 22:22 - 2013-06-29 11:41 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer

==================== One Month Modified Files and Folders =======

2013-07-01 12:01 - 2013-06-29 13:01 - 00002520 ___AC C:\Windows\setupact.log
2013-07-01 08:38 - 2009-07-14 19:58 - 00696620 ___AC C:\Windows\System32\perfh007.dat
2013-07-01 08:38 - 2009-07-14 19:58 - 00147916 ___AC C:\Windows\System32\perfc007.dat
2013-07-01 08:38 - 2009-07-14 07:13 - 01612484 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-07-01 08:35 - 2012-04-25 14:51 - 00143917 ___AC C:\Windows\WindowsUpdate.log
2013-07-01 08:32 - 2012-04-26 21:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\uTorrent
2013-07-01 08:31 - 2013-07-01 08:31 - 00000022 ___AC C:\Windows\S.dirmngr
2013-07-01 08:31 - 2013-06-29 13:01 - 00005820 ___AC C:\Users\Janus.Magnus\.pia_manager_crash.log
2013-07-01 08:31 - 2013-06-29 13:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-07-01 08:31 - 2013-04-21 11:21 - 00000497 ___AC C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-30 21:16 - 2013-06-30 21:16 - 00000621 ___AC C:\Users\Janus.Magnus\Desktop\JRT.txt
2013-06-30 21:14 - 2013-06-30 21:08 - 00000000 ___DC C:\JRT
2013-06-30 21:08 - 2013-06-30 21:08 - 00000000 ___DC C:\Windows\ERUNT
2013-06-30 21:07 - 2013-06-30 18:06 - 00001426 ___AC C:\Windows\PFRO.log
2013-06-30 21:05 - 2013-06-30 21:05 - 00002997 ___AC C:\AdwCleaner[S1].txt
2013-06-30 18:23 - 2013-06-30 17:56 - 00000000 ___DC C:\Qoobox
2013-06-30 18:00 - 2013-06-30 17:56 - 00000000 ___DC C:\Windows\erdnt
2013-06-30 15:43 - 2013-06-30 15:43 - 00000000 ___DC C:\FRST
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:32 - 2009-07-14 06:45 - 00025024 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 11:56 - 2013-06-30 11:56 - 801329998 ____A C:\Windows\MEMORY.DMP
2013-06-30 11:56 - 2013-06-30 11:56 - 00279472 ___AC C:\Windows\Minidump\063013-13868-01.dmp
2013-06-30 11:56 - 2012-07-03 10:43 - 00000000 ___DC C:\Windows\Minidump
2013-06-30 10:50 - 2013-06-30 10:50 - 00000000 ___AC C:\Users\Janus.Magnus\defogger_reenable
2013-06-30 10:50 - 2012-04-26 13:27 - 00000000 ___DC C:\users\Janus.Magnus
2013-06-30 10:14 - 2013-06-30 09:54 - 00003360 ___AC C:\Users\Janus.Magnus\Desktop\unhide.txt
2013-06-29 16:35 - 2013-06-29 16:35 - 00000174 __SHC C:\Users\Public\desktop.ini
2013-06-29 16:35 - 2009-07-14 05:20 - 00000000 __RDC C:\Users\Public\Libraries
2013-06-29 16:09 - 2013-06-29 16:09 - 00026768 ___AC C:\Users\Janus.Magnus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 13:01 - 2013-06-29 13:01 - 00000020 __SHC C:\Users\Janus.Magnus\ntuser.ini
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\setuperr.log
2013-06-29 13:01 - 2013-06-29 13:01 - 00000000 ___AC C:\Windows\ativpsrm.bin
2013-06-29 13:01 - 2012-12-26 13:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wacom
2013-06-29 13:01 - 2012-12-26 13:14 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\WTablet
2013-06-29 13:00 - 2012-04-26 21:58 - 00000000 ___DC C:\Program Files (x86)\Trillian
2013-06-29 11:47 - 2012-05-26 14:18 - 00000000 ___DC C:\xampp
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\user32.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\systemcpl.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slwga.dll.bak
2013-06-29 11:47 - 2012-04-27 09:54 - 00000000 ____A C:\Windows\System32\slui.exe
2013-06-29 11:47 - 2009-07-14 01:52 - 00000000 ____A C:\Windows\System32\sppuinotify.dll
2013-06-29 11:46 - 2012-04-25 15:46 - 00000000 ___DC C:\Windows\Panther
2013-06-29 11:46 - 2012-04-25 15:13 - 00000000 ___DC C:\Windows\SysWOW64\RTCOM
2013-06-29 11:46 - 2009-07-14 20:18 - 00000000 ___DC C:\Windows\ShellNew
2013-06-29 11:46 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\Offline Web Pages
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 _RSDC C:\Windows\Media
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\TAPI
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Recovery
2013-06-29 11:46 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\Registration
2013-06-29 11:45 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Wuala
2013-06-29 11:45 - 2012-04-27 00:25 - 00000000 ___DC C:\Windows\GBD
2013-06-29 11:45 - 2012-04-27 00:11 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TrueCrypt
2013-06-29 11:45 - 2012-04-26 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\vlc
2013-06-29 11:45 - 2009-07-14 20:18 - 00000000 __RDC C:\Users\Public\Recorded TV
2013-06-29 11:44 - 2013-01-06 18:59 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Stereoscopic Player
2013-06-29 11:44 - 2012-12-04 17:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Skype
2013-06-29 11:44 - 2012-11-21 13:41 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\ProgSense
2013-06-29 11:44 - 2012-11-21 13:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Orbit
2013-06-29 11:44 - 2012-08-08 13:47 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MyPhoneExplorer
2013-06-29 11:44 - 2012-04-26 13:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\TeraCopy
2013-06-29 11:44 - 2011-08-04 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Thunderbird
2013-06-29 11:43 - 2013-05-03 07:46 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FreeCAD
2013-06-29 11:43 - 2013-03-29 10:16 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\gnupg
2013-06-29 11:43 - 2013-02-22 10:24 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HpUpdate
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\EAC
2013-06-29 11:43 - 2012-11-16 16:48 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\AccurateRip
2013-06-29 11:43 - 2012-09-23 13:21 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\HD Tune Pro
2013-06-29 11:43 - 2012-05-27 15:07 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\FileZilla
2013-06-29 11:43 - 2012-05-07 21:53 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\dvdcss
2013-06-29 11:43 - 2012-04-28 09:02 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\MediaMonkey
2013-06-29 11:43 - 2012-04-28 08:49 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Dropbox
2013-06-29 11:43 - 2012-04-26 23:43 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\GonVisor
2013-06-29 11:43 - 2012-04-14 00:04 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\calibre
2013-06-29 11:42 - 2013-03-12 17:27 - 00000000 ___DC C:\Users\Janus.Magnus\.android
2013-06-29 11:42 - 2012-10-18 23:22 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\SniperV2
2013-06-29 11:42 - 2012-05-19 11:19 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\sabnzbd
2013-06-29 11:42 - 2012-04-28 09:33 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Wuala
2013-06-29 11:42 - 2012-04-26 23:39 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\GHISLER
2013-06-29 11:42 - 2009-07-14 05:20 - 00000000 __RDC C:\users\Default
2013-06-29 11:41 - 2013-06-03 22:22 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2013-06-29 11:41 - 2013-05-31 08:21 - 00000000 ___DC C:\Program Files (x86)\TVRename
2013-06-29 11:41 - 2013-05-24 09:57 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 11:41 - 2013-05-21 22:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-06-29 11:41 - 2013-03-11 00:14 - 00000000 ___DC C:\Program Files (x86)\PicGrab
2013-06-29 11:41 - 2013-03-10 23:55 - 00000000 ___DC C:\Program Files (x86)\Mihov Picture Downloader
2013-06-29 11:41 - 2013-02-22 11:34 - 00000000 ___DC C:\ProgramData\HP Product Assistant
2013-06-29 11:41 - 2013-02-22 10:34 - 00000000 ___DC C:\ProgramData\WEBREG
2013-06-29 11:41 - 2013-02-22 10:22 - 00000000 ___DC C:\ProgramData\HP
2013-06-29 11:41 - 2013-02-13 14:02 - 00000000 ___DC C:\Program Files (x86)\StreamTransport
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2013-06-29 11:41 - 2013-02-08 12:59 - 00000000 ___DC C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2013-06-29 11:41 - 2012-12-26 13:16 - 00000000 ___DC C:\ProgramData\Wacom
2013-06-29 11:41 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files (x86)\TabletPlugins
2013-06-29 11:41 - 2012-12-04 17:53 - 00000000 __RDC C:\Program Files (x86)\Skype
2013-06-29 11:41 - 2012-11-14 23:07 - 00000000 ___DC C:\Program Files (x86)\Scrivener
2013-06-29 11:41 - 2012-09-01 20:47 - 00000000 ___DC C:\Program Files (x86)\MKVToolNix
2013-06-29 11:41 - 2012-08-13 15:59 - 00000000 ___DC C:\Program Files (x86)\XMind
2013-06-29 11:41 - 2012-08-08 13:47 - 00000000 ___DC C:\Program Files (x86)\MyPhoneExplorer
2013-06-29 11:41 - 2012-07-04 13:38 - 00000000 ___DC C:\ProgramData\Vodafone
2013-06-29 11:41 - 2012-06-04 16:41 - 00000000 ___DC C:\Program Files (x86)\Wunderlist
2013-06-29 11:41 - 2012-05-19 11:19 - 00000000 ___DC C:\Program Files (x86)\SABnzbd
2013-06-29 11:41 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-06-29 11:41 - 2012-04-28 22:44 - 00000000 ___DC C:\Program Files (x86)\Stanza
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala OverlayIcons
2013-06-29 11:41 - 2012-04-28 09:33 - 00000000 ___DC C:\Program Files (x86)\Wuala CBFS
2013-06-29 11:41 - 2012-04-27 10:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-06-29 11:41 - 2012-04-27 00:25 - 00000000 ___DC C:\Program Files (x86)\obj
2013-06-29 11:41 - 2012-04-26 23:05 - 00000000 __SDC C:\Program Files (x86)\Total CMA Pack
2013-06-29 11:41 - 2012-04-26 22:40 - 00000000 ___DC C:\ProgramData\eDocPrintPro
2013-06-29 11:41 - 2012-04-26 22:11 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-29 11:41 - 2012-04-26 08:07 - 00000000 ___DC C:\Program Files (x86)\PrivatVPN
2013-06-29 11:41 - 2012-04-25 14:49 - 00000000 ___DC C:\users\Admin
2013-06-29 11:41 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2013-06-29 11:40 - 2013-05-09 19:23 - 00000000 ___DC C:\Program Files (x86)\Kunigunde
2013-06-29 11:40 - 2013-04-29 15:16 - 00000000 ___DC C:\Program Files\pia_manager
2013-06-29 11:40 - 2013-02-22 10:24 - 00000000 ___DC C:\Program Files (x86)\HP
2013-06-29 11:40 - 2012-12-26 13:20 - 00000000 ___DC C:\Program Files\TabletPlugins
2013-06-29 11:40 - 2012-12-26 13:15 - 00000000 ___DC C:\Program Files (x86)\Bamboo Dock
2013-06-29 11:40 - 2012-12-26 13:14 - 00000000 ___DC C:\Program Files\Tablet
2013-06-29 11:40 - 2012-11-16 16:48 - 00000000 ___DC C:\Program Files (x86)\Exact Audio Copy
2013-06-29 11:40 - 2012-09-14 12:08 - 00000000 ___DC C:\Program Files (x86)\A-PDF Page Cut
2013-06-29 11:40 - 2012-09-04 00:31 - 00000000 ___DC C:\Program Files (x86)\Maketorrent 2
2013-06-29 11:40 - 2012-06-28 08:30 - 00000000 ___DC C:\Program Files\Unlocker
2013-06-29 11:40 - 2012-06-20 10:47 - 00000000 ___DC C:\Program Files (x86)\3DataManager
2013-06-29 11:40 - 2012-06-02 23:41 - 00000000 ___DC C:\Program Files (x86)\focus booster
2013-06-29 11:40 - 2012-05-27 15:07 - 00000000 ___DC C:\Program Files (x86)\FileZilla FTP Client
2013-06-29 11:40 - 2012-05-25 14:21 - 00000000 ___DC C:\Program Files (x86)\ImgBurn
2013-06-29 11:40 - 2012-05-19 09:13 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-06-29 11:40 - 2012-04-28 09:30 - 00000000 ___DC C:\Program Files (x86)\KaraNet Client
2013-06-29 11:40 - 2012-04-28 09:01 - 00000000 ___DC C:\Program Files (x86)\MediaMonkey
2013-06-29 11:40 - 2012-04-27 11:04 - 00000000 ___DC C:\Program Files (x86)\Everything
2013-06-29 11:40 - 2012-04-27 10:12 - 00000000 ___DC C:\Program Files (x86)\MagicDisc
2013-06-29 11:40 - 2012-04-27 00:07 - 00000000 ___DC C:\Program Files\TrueCrypt
2013-06-29 11:40 - 2012-04-26 23:43 - 00000000 ___DC C:\Program Files (x86)\GonVisor
2013-06-29 11:40 - 2012-04-26 23:02 - 00000000 ___DC C:\Program Files (x86)\Apple Software Update
2013-06-29 11:40 - 2012-04-26 22:39 - 00000000 ___DC C:\Program Files (x86)\Calibre2
2013-06-29 11:40 - 2012-04-26 13:33 - 00000000 ___DC C:\Program Files\TeraCopy
2013-06-29 11:40 - 2012-04-25 15:13 - 00000000 ___DC C:\Program Files (x86)\Dolby Home Theater v4
2013-06-29 11:40 - 2009-07-14 07:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2013-06-29 11:39 - 2013-04-21 10:36 - 00000000 ___DC C:\Program Files\ATI Technologies
2013-06-29 11:39 - 2013-04-16 11:00 - 00000000 ___DC C:\Program Files\File Shredder
2013-06-29 11:39 - 2013-03-28 19:21 - 00000000 ___DC C:\Program Files\CCleaner
2013-06-29 11:39 - 2013-02-25 00:31 - 00000000 ___DC C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-29 11:39 - 2012-10-17 22:13 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2013-06-29 11:39 - 2012-08-01 21:29 - 00000000 ___DC C:\firearms
2013-06-29 11:39 - 2012-04-27 10:38 - 00000000 ___DC C:\Program Files\Microsoft Office
2013-06-29 11:39 - 2012-04-26 23:41 - 00000000 ___DC C:\Program Files\7-Zip
2013-06-27 01:41 - 2012-04-26 22:06 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Roaming\Mozilla
2013-06-25 11:01 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\System32\FxsTmp
2013-06-20 22:36 - 2012-04-26 23:00 - 00000000 ___DC C:\Program Files (x86)\Java
2013-06-20 12:00 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\System32\NDF
2013-06-10 18:26 - 2013-06-10 18:16 - 00000000 ___DC C:\Program Files (x86)\MagicScan
2013-06-10 18:19 - 2013-06-10 18:19 - 00000000 ___DC C:\ProgramData\ABBYY
2013-06-10 08:35 - 2012-04-27 10:56 - 00000000 ___DC C:\Users\Janus.Magnus\AppData\Local\Google
2013-06-03 22:22 - 2013-06-03 22:22 - 00000000 ___DC C:\ProgramData\Apple Computer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-29 16:28

==================== End Of Log ============================
--- --- ---

--- --- ---



Neues FRST Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by Janus at 2013-07-01 12:13:05
Running from D:\Janus\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29677)
64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (x32 Version: 1.00.0000)
6500_E709_Help (x32 Version: 1.00.0000)
6500_E709n (x32 Version: 140.0.000.000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
AMD Accelerated Video Transcoding (Version: 12.10.100.30416)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80416.1146)
A-PDF Page Cut (x32)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Avery Wizard 4.0 (Version: 4.0.201)
Bamboo (Version: 5.3.0-3)
Bamboo Dock (x32 Version: 4.1)
Bamboo Dock (x32 Version: 4.1.0)
Bamboo Tablets Tutorial (x32 Version: 3.0.20)
Bing Bar (x32 Version: 5.0.1449.0)
Bing Bar Platform (x32 Version: 5.0.1449.0)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
calibre (x32 Version: 0.9.30)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.1149.19347)
Catalyst Control Center Localization All (x32 Version: 2013.0416.1149.19347)
CCC Help Chinese Standard (x32 Version: 2013.0416.1148.19347)
CCC Help Chinese Traditional (x32 Version: 2013.0416.1148.19347)
CCC Help Czech (x32 Version: 2013.0416.1148.19347)
CCC Help Danish (x32 Version: 2013.0416.1148.19347)
CCC Help Dutch (x32 Version: 2013.0416.1148.19347)
CCC Help English (x32 Version: 2013.0416.1148.19347)
CCC Help Finnish (x32 Version: 2013.0416.1148.19347)
CCC Help French (x32 Version: 2013.0416.1148.19347)
CCC Help German (x32 Version: 2013.0416.1148.19347)
CCC Help Greek (x32 Version: 2013.0416.1148.19347)
CCC Help Hungarian (x32 Version: 2013.0416.1148.19347)
CCC Help Italian (x32 Version: 2013.0416.1148.19347)
CCC Help Japanese (x32 Version: 2013.0416.1148.19347)
CCC Help Korean (x32 Version: 2013.0416.1148.19347)
CCC Help Norwegian (x32 Version: 2013.0416.1148.19347)
CCC Help Polish (x32 Version: 2013.0416.1148.19347)
CCC Help Portuguese (x32 Version: 2013.0416.1148.19347)
CCC Help Russian (x32 Version: 2013.0416.1148.19347)
CCC Help Spanish (x32 Version: 2013.0416.1148.19347)
CCC Help Swedish (x32 Version: 2013.0416.1148.19347)
CCC Help Thai (x32 Version: 2013.0416.1148.19347)
CCC Help Turkish (x32 Version: 2013.0416.1148.19347)
ccc-utility64 (Version: 2013.0416.1149.19347)
CCleaner (Version: 4.00)
Creative Centrale (x32 Version: 1.19.02)
Creative Software Update (x32 Version: 1.03.01)
Creative ZEN MX Dokumentation (x32)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
eDocPrintPro v3.17.5 (Version: 3.17.5)
Etron USB3.0 Host Controller (x32 Version: 0.109)
EuroTalk Talk Now! (x32 Version: 2.5.6.1)
Everything 1.2.1.371 (x32)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
Fax (x32 Version: 140.0.213.000)
File Shredder 2.5
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
focus booster (x32 Version: 1.2)
Foxit Reader (x32 Version: 6.0.3.524)
FreeCAD 0.13 (x32 Version: 0.13.1828)
GonVisor 2.22.01 (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Talk Plugin (x32 Version: 4.1.3.13728)
Google Update Helper (x32 Version: 1.3.21.145)
GPBaseService2 (x32 Version: 140.0.212.000)
Gpg4win (2.1.1-34299-beta) (x32 Version: 2.1.1-34299-beta)
gs_x64 (Version: 9.00)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 140.0.213.000)
HPSSupply (x32 Version: 140.0.212.000)
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.1.21.1134)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2618)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kcast Desktop (x32 Version: 1.2.5)
Kunigunde V1.5 (x32)
MagicDisc 2.7.106 (x32)
MakeTorrent v2.1 (x32)
MarketResearch (x32 Version: 140.0.214.000)
marvell 91xx driver (x32 Version: 1.2.0.1027)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0)
MKVToolNix 5.7.0 (x32 Version: 5.7.0)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 17.0.6)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MyPhoneExplorer (x32 Version: 1.8.4)
Network Meter version 9.0 (x32 Version: 9.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
NirSoft BlueScreenView (x32)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Picasa 3 (x32 Version: 3.9)
PicGrab 2.8.0 (x32 Version: 2.8.0)
Private Internet Access Support Files (x32 Version: 1.0.0.0)
ProductContext (x32 Version: 140.0.000.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
RockTrader Pro (x32 Version: 2.60.12.0)
SABnzbd 0.6.15 (x32 Version: 0.6.15)
Scan (x32 Version: 140.0.167.000)
Scrivener Update (x32 Version: 1530)
Shop for HP Supplies (Version: 14.0)
SketchUp 8 (x32 Version: 3.0.16846)
Skype™ 6.0 (x32 Version: 6.0.126)
SmartWebPrinting (x32 Version: 140.0.213.000)
Sniper Elite V2 (x32)
SolutionCenter (x32 Version: 140.0.214.000)
Sony Ericsson Update Engine (x32 Version: 2.12.9.24)
Sony PC Companion 2.10.136 (x32 Version: 2.10.136)
Stanza (x32)
Status (x32 Version: 140.0.256.000)
StreamTransport version: 1.0.2.2171 (x32)
swMSM (x32 Version: 12.0.0.1)
TeraCopy 2.27
Toolbox (x32 Version: 140.0.428.000)
Total CMA Pack 0.57 (x32 Version: 0.57)
TrayApp (x32 Version: 140.0.213.000)
Tresorit (x32 Version: 0.5.1.76)
Trillian (x32)
TrueCrypt (x32 Version: 7.0a)
TV Rename (x32)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 2.0.5 (x32 Version: 2.0.5)
WebReg (x32 Version: 140.0.213.017)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Winsome File Renamer version 8.0 (x32 Version: 8.0)
Wuala CBFS (x32 Version: 3.2.107.0)
Wuala OverlayIcons (x32 Version: 1.0.0.2)
Wunderlist (x32 Version: 1.2.4)
XAMPP 1.7.7 (x32)
XMind (x32 Version: 3.2.1)

==================== Restore Points  =========================

29-06-2013 15:55:25 Geplanter Prüfpunkt

==================== Scheduled Tasks (whitelisted) =============

Task: {01792268-5C68-4FEC-8F82-4D56BE7D3A09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005UA => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {244EE4B7-C66D-4ECC-87DF-B1A8BA7A736F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3E99FBE2-6E9B-4051-AF64-6FC3B53E582E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {440A253A-335D-4B8D-82B9-E33E4C7E5400} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {529FD398-3CE9-4227-9348-4963D308265F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe No File
Task: {6B071159-27A4-4143-A516-88D387369CF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4042712820-1691623583-3515648659-1005Core => C:\Users\Janus.Magnus\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {9B830A6A-5E21-4991-B036-FD348A27AA43} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {9CF32335-79C5-4916-86FE-3EC24A348030} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A254FDB5-C31A-4F69-BAC4-00385FEE19B4} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {A83155CC-0144-4AE0-9483-BF6125CEB320} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2013-06-17] ()
Task: {A99795E5-E3F9-4F66-8B71-ED4EB0C7732F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe No File
Task: {A997C77B-1336-44A7-B855-D7FBC4393CD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No File
Task: {BD315DF7-68B7-4596-8959-562FF79731C9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C21E4323-62C6-4C17-B5D6-5C1BE0A27C7F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D6E82B07-3B6D-4B9C-BB2D-58F40FEEB302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe No File
Task: {DF8D21CD-0174-489C-9663-CD2A54FEF7B2} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => C:\Windows\System32\rundll32.exe [2009-07-14] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 00:12:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 00:03:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 11:49:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 08:41:56 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 08:36:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 08:36:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 08:31:43 AM) (Source: Winlogon) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.


System errors:
=============
Error: (07/01/2013 08:33:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/01/2013 08:31:56 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/01/2013 08:31:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2146762496


Microsoft Office Sessions:
=========================
Error: (07/01/2013 00:12:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Janus\Desktop\esetsmartinstaller_enu.exe

Error: (07/01/2013 00:03:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/01/2013 11:49:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/01/2013 08:41:56 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Janus\Desktop\esetsmartinstaller_enu.exe

Error: (07/01/2013 08:36:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Janus\Desktop\esetsmartinstaller_enu.exe

Error: (07/01/2013 08:36:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestK:\temp\esetsmartinstaller_enu.exe

Error: (07/01/2013 08:31:43 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000


CodeIntegrity Errors:
===================================
  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-30 10:51:09.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8109.11 MB
Available physical RAM: 5508.89 MB
Total Pagefile: 16216.41 MB
Available Pagefile: 13849.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:55.9 GB) (Free:26.06 GB) NTFS (Disk=1 Partition=1)
Drive d: (Sparta) (Fixed) (Total:1863.01 GB) (Free:166.57 GB) NTFS (Disk=0 Partition=1)
Drive e: (Bruce) (Fixed) (Total:279.46 GB) (Free:82.79 GB) NTFS (Disk=4 Partition=1)
Drive f: (Goliath) (Fixed) (Total:1397.26 GB) (Free:112.46 GB) NTFS (Disk=3 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (Merkur) (Fixed) (Total:931.51 GB) (Free:372.04 GB) NTFS (Disk=2 Partition=1)
Drive i: (10.3.2.34962_RC1) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive k: (Stick) (Removable) (Total:1.92 GB) (Free:1.6 GB) NTFS (Disk=6 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 3CF29E19)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: EA7161DD)
Partition 1: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1D1E1D1D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: DD5108FA)
Partition 1: (Active) - (Size=-698723990528) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: AAF0AAF0)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Ok, das wären die gewünschten Logs...
Geändert/verbessert hat sich allerdings noch nix...
- Der Desktop ist noch immer schwarz (vernachlässigbar)
- Meine Programme (inkl. dem Großteil aller Programmdateien) sind nach wie vor verschwunden
- Dementsprechend sind auch alle Dateityp Verknüpfungen weg (z.B.: txt->Editor, doc(x)->Word, ...)
- Auch alle anderen Links zu den Programmen (Desktop, Startmenu, Schnellstartleiste, ...) sind weg
- Mein System behauptet noch immer keine Originalversion zu sein :(
- Beim Starten bekomme ich nach wie vor die gleichen Fehlermeldungen:
"Dolby Profile Selector funktioniert nicht mehr" + 2 Fehlermeldungen vom "Microsoft Maus + Tastatur Center" (was ja vermutlich an dem generellen Problem mit den Programmen liegt)

Also im Prinzip noch immer die gleiche Situation... noch keine Lösung :(

Grundsatzfragen:
Sind meine Programmdateien (inkl. im Programm gespeicherte Benutzerdaten, z.B. Thunderbird Profil) endgültig weg oder hat dieser Trojaner die "nur" so versteckt das sie momentan vom System einfach nicht mehr gefunden werden?
Ich habe auch den Eindruck auf meiner Systemplatte (eigene SSD) habe ich jetzt etwas mehr Platz als vorher... :/ ?
Verursacht der Trojaner auch diese Meldung(en) das mein Windows nicht original ist, oder ist da wirklich was nicht ganz in Ordnung? (Eine neue 100% legal Version ist sicherheitshalber schon unterwegs, aber würde mich interessieren... und auch wie das evtl. das Trojaner-Problem beinflußt? ...oder auch nicht.

schrauber 01.07.2013 13:00
Änderungen der Hardware oder eben durch Malware kann sowas hervorufen.

Windows Repair (All In One) - Download - Filepony

Windows All in One repair laden und laufen lassen, jeden Step durchgehen, immer alles durchführen, am Schlus alles anhaken und laufen lassen.

Downloade bitte Grinlers unhide.exe auf deinem Desktop
  • Starte das Tool mit Doppelklick.
  • Wenn es seine Arbeit getan hat, wir eine Nachricht mit Finished aufpoppen. Bestätige diese mit Ok.
  • Das Tool erstellt eine Unhide.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Panthera7 01.07.2013 14:50
Ok, das werd ich gleich so machen...
Nur eine Frage dazu... Sollte das (Windows Repair + Unhide) dann meine Programme/Dateien wieder aus der Versenkung holen oder sind die eh schon weg/vernichtet?
Der Punkt ist ja das ich meine Einstellungen, Benutzerdaten, usw. (so viele wie möglich) retten will und ich gerne wissen würde wie realistisch das (noch) ist?

Da die Lage sich (anscheinend) bisher nicht wirklich geändert hat (aus meiner Amateur-Perspektive) würde mich interessieren was als erfolgreiche Lösung gewertet wird? Ist es (noch) machbar das System tatsächlich wieder in den Zustand vor diesem Trojaner-Zwischenfall zu bringen oder müssen Abstriche gemacht werden? Welche?

Auf jeden Fall herzlichen Dank für deine Hilfe bisher! :)
Ich würde mich freuen wenn ich (man), neben den nächsten Anweisungen, etwas mehr Informationen darüber kriegen könnte was dabei so alles im Hintergrund (für uns simple User ungesehen) passiert. ;) Danke!

So, es gibt ein Problem mit Windows Repair...
Ich habe das Archiv heruntergeladen, den Ordner im root auf C:\ entpackt und dann versucht das Programm (Repair_Windows) in diesem Ordner zu starten.
Als erstes versucht als Admin auszuführen... Fehlermeldung wegen "Overflow"...
Dann nochmal "normal" gestartet... Hat zwar gestartet aber mit massiven Darstellungsproblemen:
Keine Schrift (nirgends!), nur eine paar Logos und (auch leere) Knöpfe + 7 Tabs ohne Beschriftung :/
Wie kann man das lösen? Evtl. im Abgesicherten Modus ausführen?

schrauber 01.07.2013 16:10
Sehr komisch. Also verloren ist noch gar nichts. Erstmal Malware entfernen, erledigt, jetzt schauen wir uns die Einstellungen an :).

Eigentlich sollte Windows All in One ein Installer sein, heißt ein Tool das man installiert.

Mach mal Unhide.

Panthera7 01.07.2013 17:00
Liste der Anhänge anzeigen (Anzahl: 1)
Ich würde sagen seltsam... komisch ist das nicht (mehr) unbedingt. :/

Das Windows Repair Tool war ein zip Archiv mit einem Ordner darin...

Und mit unhide.exe kann ich auch keine positive Meldung geben.
Hat weder irgendwelche Dateien sichtbar gemacht noch eine Log Datei erstellt. :(
Daher habe ich unhide ein 2.Mal laufen lassen und einen screenshot davon gemacht...

Also von meiner (Amateur-)Sicht aus hat sich leider (noch) nix geändert... :(

Was nun?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:34 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131