Trojaner-Board - GVU Trojaner, zum ersten ...

Gut, (mein name ist übrigens Marius :) )
FRST.txt :

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01

Ran by Steinmetzer (administrator) on 13-08-2013 20:19:47

Running from C:\Users\Steinmetzer\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-14] (IDT, Inc.)

HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel(R) Corporation)

HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)

HKCU\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] - 0 [x]

HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1671592 2013-07-01] (Valve Corporation)

HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Steinmetzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-10] (Spotify Ltd)

HKCU\...\Run: [GoogleChromeAutoLaunch_86E68EA1987AAE753BE55EE1F8756C88] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)

HKCU\...\Run: [Spotify] - C:\Users\Steinmetzer\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-10] (Spotify Ltd)

HKCU\...\Run: [Facebook Update] - C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-07] (Facebook Inc.)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1421421367-465013136-1781341850-1001\$480952bbd06f13c408d8325fcad7e9c6\n. ATTENTION! ====> ZeroAccess?

MountPoints2: {d91713a1-710b-11e1-a309-cc52af076ffa} - G:\pushinst.exe

MountPoints2: {ed468d84-4375-11e1-a638-cc52af076ffa} - G:\fscommand\LS_Start_Launch.cmd

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)

HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1694608 2011-12-06] (Bandoo Media, inc)

HKU\Mcx1-MARIUS-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION 

AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll  [1791384 2011-12-06] (Bandoo Media, inc)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Steinmetzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk

ShortcutTarget: Real Desktop.lnk -> C:\Program Files (x86)\Real Desktop\Real Desktop.exe (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

URLSearchHook: (No Name) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} -  No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=5A688CA9824CD555

SearchScopes: HKCU - {1B3E420A-9B6A-42C2-B026-C4D2EA343858} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795622

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()

BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Steinmetzer\AppData\Roaming\Mozilla\Firefox\Profiles\oh6nnzts.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.96.dll No File

Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()

Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Steinmetzer\AppData\Roaming\Mozilla\Firefox\Profiles\oh6nnzts.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.96.dll No File

Toolbar: HKCU - No Name - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} -  No File

DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab

DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Steinmetzer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Steinmetzer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\Steinmetzer\AppData\Roaming\05035
 

Chrome: 

=======

CHR HomePage: hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=5A688CA9824CD555

CHR RestoreOnStartup: "hxxp://google.de/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

CHR Extension: (Gmail) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [fjdkdjokkloghgmiiibhpkhipdfomgbo] - C:\Users\STEINM~1\AppData\Local\Temp\ccex.crx
 

==================== Services (Whitelisted) =================
 

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)

S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-21] (Avira GmbH)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-16] ()

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll [x]

S2 ezSharedSvc; 
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-21] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-21] (Avira GmbH)

S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-17] (Windows (R) Win 7 DDK provider)

S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)

S3 dump_wmimmc; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 20:19 - 2000-01-01 00:06 - 01575274 _____ (Farbar) C:\Users\Steinmetzer\Desktop\FRST64.exe

2013-08-10 15:00 - 2013-08-10 15:10 - 139145504 _____ (GIANTS Software                                             ) C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2 (1).exe

2013-08-10 14:38 - 2013-08-10 14:41 - 00009551 _____ C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2.exe

2013-08-07 23:53 - 2013-08-12 18:50 - 00000000 ___RD C:\Users\Steinmetzer\Desktop\,

2013-08-05 16:10 - 2013-08-05 16:13 - 37949670 _____ C:\Users\Steinmetzer\Downloads\fendt13bbgreen.rar

2013-07-31 22:38 - 2013-07-31 22:38 - 00003142 _____ C:\Windows\System32\Tasks\{A2DB886C-B0C6-4D79-B64F-8DDF8A759933}

2013-07-31 22:27 - 2013-07-31 22:36 - 108422648 _____ C:\Users\Steinmetzer\Downloads\avira_free_antivirus884_de.exe

2013-07-31 21:14 - 2013-07-31 21:14 - 00181452 _____ C:\Users\STEINM~1\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-28 23:11 - 2013-07-28 23:12 - 11342986 _____ C:\Users\Steinmetzer\Downloads\zuerst_entpacken (1).zip

2013-07-28 23:09 - 2013-07-28 23:09 - 05122685 _____ C:\Users\Steinmetzer\Downloads\Holaras_Schild_ENTPACKEN.rar

2013-07-20 21:27 - 2013-07-20 21:27 - 00000000 ____D C:\Games

2013-07-18 11:09 - 2013-07-18 11:11 - 00000000 ____D C:\Windows\system32\MRT

2013-07-14 22:44 - 2013-07-14 22:46 - 18496415 _____ C:\Users\Steinmetzer\Downloads\Lexion 550 UNPACK ME V2.5.rar
 

==================== One Month Modified Files and Folders =======
 

2013-08-14 05:25 - 2013-08-14 05:25 - 00000000 ____D C:\FRST

2013-08-13 20:19 - 2011-01-10 02:49 - 21659390 _____ C:\Windows\system32\perfh007.dat

2013-08-13 20:19 - 2011-01-10 02:49 - 06974518 _____ C:\Windows\system32\perfc007.dat

2013-08-13 20:19 - 2009-07-14 07:13 - 00006678 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 20:17 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-13 20:17 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-13 20:12 - 2012-09-12 21:26 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Spotify

2013-08-13 20:11 - 2013-02-03 13:54 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Dropbox

2013-08-13 20:11 - 2011-12-30 02:47 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-13 20:10 - 2013-01-30 16:58 - 00005366 _____ C:\Windows\setupact.log

2013-08-13 20:10 - 2012-10-24 19:47 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-13 20:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 19:10 - 2011-04-16 04:01 - 01495700 _____ C:\Windows\WindowsUpdate.log

2013-08-13 18:54 - 2011-11-02 23:13 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForSteinmetzer.job

2013-08-13 18:47 - 2013-03-13 18:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 18:47 - 2012-10-24 19:47 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-13 18:47 - 2012-05-16 22:38 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job

2013-08-13 18:47 - 2012-05-16 22:38 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job

2013-08-13 18:47 - 2011-09-20 20:44 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job

2013-08-13 18:47 - 2011-09-20 20:44 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job

2013-08-12 20:10 - 2013-02-03 19:29 - 00117926 _____ C:\Windows\PFRO.log

2013-08-12 18:53 - 2011-10-29 20:09 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\TS3Client

2013-08-12 18:53 - 2011-09-21 19:23 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\CrashDumps

2013-08-12 18:51 - 2012-10-21 20:54 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\TeamSpeak 3 Client

2013-08-12 18:50 - 2013-08-07 23:53 - 00000000 ___RD C:\Users\Steinmetzer\Desktop\,

2013-08-12 18:32 - 2012-09-12 21:27 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\Spotify

2013-08-10 15:11 - 2012-10-24 20:40 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2013

2013-08-10 15:10 - 2013-08-10 15:00 - 139145504 _____ (GIANTS Software                                             ) C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2 (1).exe

2013-08-10 14:41 - 2013-08-10 14:38 - 00009551 _____ C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2.exe

2013-08-09 12:54 - 2011-11-02 23:13 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSteinmetzer

2013-08-08 00:04 - 2013-02-03 14:00 - 00001036 _____ C:\Users\Steinmetzer\Desktop\Dropbox.lnk

2013-08-08 00:04 - 2013-02-03 14:00 - 00000000 ___RD C:\Users\Steinmetzer\Dropbox

2013-08-08 00:04 - 2013-02-03 13:58 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-08-07 21:12 - 2011-10-05 21:25 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-08-05 16:13 - 2013-08-05 16:10 - 37949670 _____ C:\Users\Steinmetzer\Downloads\fendt13bbgreen.rar

2013-08-05 12:31 - 2011-12-24 21:37 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\.minecraft

2013-08-02 22:53 - 2012-03-14 20:03 - 00000000 ____D C:\Program Files (x86)\Google

2013-07-31 22:38 - 2013-07-31 22:38 - 00003142 _____ C:\Windows\System32\Tasks\{A2DB886C-B0C6-4D79-B64F-8DDF8A759933}

2013-07-31 22:36 - 2013-07-31 22:27 - 108422648 _____ C:\Users\Steinmetzer\Downloads\avira_free_antivirus884_de.exe

2013-07-31 22:20 - 2011-09-15 13:12 - 00000000 ____D C:\Users\Steinmetzer

2013-07-31 22:20 - 2009-07-14 06:45 - 00417384 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-31 22:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-31 22:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-31 22:18 - 2012-01-01 23:05 - 00000000 ____D C:\Users\Mcx1-MARIUS-HP

2013-07-31 22:16 - 2013-03-14 15:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-31 22:16 - 2013-03-14 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-31 22:16 - 2011-09-16 09:21 - 00000000 ____D C:\ProgramData\Avira

2013-07-31 22:16 - 2011-09-16 09:21 - 00000000 ____D C:\Program Files (x86)\Avira

2013-07-31 22:16 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-31 22:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration

2013-07-31 21:14 - 2013-07-31 21:14 - 00181452 _____ C:\Users\STEINM~1\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-28 23:12 - 2013-07-28 23:11 - 11342986 _____ C:\Users\Steinmetzer\Downloads\zuerst_entpacken (1).zip

2013-07-28 23:09 - 2013-07-28 23:09 - 05122685 _____ C:\Users\Steinmetzer\Downloads\Holaras_Schild_ENTPACKEN.rar

2013-07-23 10:04 - 2012-11-03 17:20 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\Paint.NET

2013-07-20 21:27 - 2013-07-20 21:27 - 00000000 ____D C:\Games

2013-07-18 11:11 - 2013-07-18 11:09 - 00000000 ____D C:\Windows\system32\MRT

2013-07-14 22:46 - 2013-07-14 22:44 - 18496415 _____ C:\Users\Steinmetzer\Downloads\Lexion 550 UNPACK ME V2.5.rar

2013-07-14 01:47 - 2012-11-14 21:32 - 00000000 ____D C:\Users\Steinmetzer\Documents\Neuer Ordner
 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-1421421367-465013136-1781341850-1001\$480952bbd06f13c408d8325fcad7e9c6
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-08 01:03
 

==================== End Of Log ============================

--- --- ---

Addition.txt :

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2013 01

Ran by Steinmetzer at 2013-08-13 20:20:14

Running from C:\Users\Steinmetzer\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)

Adobe Download Assistant (x32 Version: 1.0.6)

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)

Adobe Reader X (10.1.2) - Deutsch (x32 Version: 10.1.2)

Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)

Akamai NetSession Interface (HKCU)

Akamai NetSession Interface Service (x32)

ATI Catalyst Install Manager (Version: 3.0.804.0)

Avira AntiVir Personal - Free Antivirus (x32 Version: 10.2.0.1950)

Bonjour (Version: 3.0.0.10)

Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)

Brother MFL-Pro Suite MFC-J265W (x32 Version: 1.0.3.0)

Call of Duty: Black Ops II - Multiplayer (x32)

Call of Duty: Black Ops II - Zombies (x32)

Call of Duty: Black Ops II (x32)

Call of Duty: Modern Warfare 2 - Multiplayer (x32)

Call of Duty: Modern Warfare 3 - Dedicated Server (x32)

Call of Duty: Modern Warfare 3 - Multiplayer (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1217.1530.27758)

Catalyst Control Center InstallProxy (x32 Version: 2010.1217.1530.27758)

Catalyst Control Center Localization All (x32 Version: 2010.1217.1530.27758)

Catalyst Control Center Profiles Mobile (x32 Version: 2010.1217.1530.27758)

CCC Help Chinese Standard (x32 Version: 2010.1217.1529.27758)

CCC Help Chinese Traditional (x32 Version: 2010.1217.1529.27758)

CCC Help Czech (x32 Version: 2010.1217.1529.27758)

CCC Help Danish (x32 Version: 2010.1217.1529.27758)

CCC Help Dutch (x32 Version: 2010.1217.1529.27758)

CCC Help English (x32 Version: 2010.1217.1529.27758)

CCC Help Finnish (x32 Version: 2010.1217.1529.27758)

CCC Help French (x32 Version: 2010.1217.1529.27758)

CCC Help German (x32 Version: 2010.1217.1529.27758)

CCC Help Greek (x32 Version: 2010.1217.1529.27758)

CCC Help Hungarian (x32 Version: 2010.1217.1529.27758)

CCC Help Italian (x32 Version: 2010.1217.1529.27758)

CCC Help Japanese (x32 Version: 2010.1217.1529.27758)

CCC Help Korean (x32 Version: 2010.1217.1529.27758)

CCC Help Norwegian (x32 Version: 2010.1217.1529.27758)

CCC Help Polish (x32 Version: 2010.1217.1529.27758)

CCC Help Portuguese (x32 Version: 2010.1217.1529.27758)

CCC Help Russian (x32 Version: 2010.1217.1529.27758)

CCC Help Spanish (x32 Version: 2010.1217.1529.27758)

CCC Help Swedish (x32 Version: 2010.1217.1529.27758)

CCC Help Thai (x32 Version: 2010.1217.1529.27758)

ccc-core-static (x32 Version: 2010.1217.1530.27758)

ccc-utility64 (Version: 2010.1217.1530.27758)

CyberLink DVD Suite (x32 Version: 7.0.3525)

CyberLink YouCam (x32 Version: 3.2.1.3609)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dropbox (HKCU Version: 2.0.22)

ElsterFormular (x32 Version: 13.0.0.8086u)

Energy Star Digital Logo (x32 Version: 1.0.1)

ESU for Microsoft Windows 7 (x32 Version: 1.0.0)

Facebook Messenger 2.0.4478.0 (x32 Version: 2.0.4478.0)

Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)

Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)

German Truck Simulator 1.00 (x32 Version: 1.00)

GIANTS Editor 5.0.1 (x32 Version: 5.0.1)

Google Chrome (x32 Version: 28.0.1500.95)

Google Earth Plug-in (x32 Version: 7.1.1.1888)

Google Update Helper (x32 Version: 1.3.21.153)

HP Auto (Version: 1.0.12494.3472)

HP Client Services (Version: 1.0.12656.3472)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Documentation (x32 Version: 1.1.0.0)

HP On Screen Display (x32 Version: 1.0.7)

HP Power Manager (x32 Version: 1.1.2)

HP Quick Launch (x32 Version: 2.3.6)

HP Setup (x32 Version: 8.4.4487.3576)

HP Setup Manager (x32 Version: 1.0.12845.3522)

HP Software Framework (x32 Version: 4.1.13.1)

HP Support Assistant (x32 Version: 5.1.11.1)

HP Wireless Assistant (Version: 4.0.10.0)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2)

HyperCam 3 (x32 Version: 3.3.1111.16)

iCloud (Version: 1.1.0.40)

ICQ7.6 (x32 Version: 7.6)

IDT Audio (x32 Version: 1.0.6315.0)

iLivid (x32 Version: 1.92.0.118480)

Intel PROSet Wireless

Intel PROSet Wireless (x32)

Intel(R) Control Center (x32 Version: 1.2.1.1007)

Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)

Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)

Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.1000)

Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)

Intel(R) Wireless Display

Intel(R) Wireless Display (x32 Version: 2.0.27.0)

Java 7 Update 9 (x32 Version: 7.0.90)

Java Auto Updater (x32 Version: 2.1.9.0)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

LabelPrint (x32 Version: 2.5.3429)

Landwirtschafts Simulator 2011 (x32 Version: 1.0)

Landwirtschafts Simulator 2013 (x32 Version: 1.0)

Left 4 Dead 2 (x32)

LightScribe System Software (x32 Version: 1.18.20.1)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.672.0)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)

Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

MSVC80_x64_v2 (Version: 1.0.3.0)

MSVC80_x86_v2 (x32 Version: 1.0.3.0)

MSVC90_x64 (Version: 1.0.1.2)

MSVC90_x86 (x32 Version: 1.0.1.2)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

Notepad++ (x32 Version: 6.2.3)

Paint.NET v3.5.10 (Version: 3.60.0)

Power2Go (x32 Version: 6.1.4725)

PunkBuster Services (x32 Version: 0.993)

PX Profile Update (x32 Version: 1.00.1.)

Realtek Ethernet Controller Driver (x32 Version: 7.26.902.2010)

Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)

Recovery Manager (x32 Version: 1.0.22)

rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)

San Andreas Mod Installer (x32 Version: 1.1)

Skype™ 6.6 (x32 Version: 6.6.106)

Spotify (HKCU Version: 0.9.1.57.ge7405149)

Steam (x32 Version: 1.0.0.0)

Synaptics Pointing Device Driver (Version: 15.2.4.4)

System Requirements Lab for Intel (x32 Version: 4.5.5.0)

TeamSpeak 3 Client (HKCU Version: 3.0.11.1)

The War Z (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft Office 2010 (KB2494150) (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

War Thunder Launcher 1.0.1.195 (x32)

Windows iLivid Toolbar (x32 Version: 3.0.0.118320)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinRAR 4.20 (64-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================
 

31-07-2013 20:06:15 Wiederherstellungsvorgang

31-07-2013 20:46:03 Windows Update

06-08-2013 06:39:41 Windows Update

09-08-2013 11:05:19 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0228AF97-2E19-4C81-BE2E-D1FFE7AC2338} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {04278ECD-86B8-40C3-B8C0-2D48143B4124} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2013-08-06] (HP)

Task: {10742BC6-D6B2-464E-882D-C812B9287992} - System32\Tasks\HPCeeScheduleForSteinmetzer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {1725990A-3205-40FC-B321-FA4437B5C136} - System32\Tasks\{E1328D7D-1EEF-416D-9D9D-978DE6ABB0DA} => C:\Users\Steinmetzer\Desktop\Xpadder.exe No File

Task: {1C62D03E-371B-4242-A806-E478FB6A27BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company)

Task: {25B22D72-3539-4688-A89A-FC01A1616EE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)

Task: {3B624C4E-9202-4900-8165-9ADBCB7A69CE} - System32\Tasks\DLL-files.com Fixer_UPDATES => C:\Program Files (x86)\Dll-Files.com No File

Task: {447675CD-94AF-48E4-8E53-778FF4918CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-06] (Microsoft)

Task: {4C771E91-08F3-4548-8BE1-3C473C78079D} - System32\Tasks\{61B9FDF0-8439-47CA-8858-ECFD193E29B6} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-05-29] (Microsoft Corporation)

Task: {513C6B55-8E4C-4F0E-9E75-5A66ED6FA3A2} - System32\Tasks\{2540633E-1146-4946-AFE5-BBF04C486E7D} => C:\Users\Steinmetzer\Desktop\Xpadder.exe No File

Task: {54C89DD7-4C96-40D2-8314-573F08C2030A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {603076BE-ACD9-4106-A564-8A861132E547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-12-01] (Hewlett-Packard Company)

Task: {648714AE-AC0F-4D21-96AF-BED915E13C23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)

Task: {67FFF3E5-A5B0-45C2-8453-9F9084367CF8} - System32\Tasks\{AEBD690D-5826-40BD-BBF0-40331A5992D1} => C:\Users\Steinmetzer\Desktop\Xpadder.exe No File

Task: {6D69E67F-51DB-45E6-BC77-A87FD19D3576} - System32\Tasks\{E51E0825-2350-4ADB-A56F-03510A1A3FD7} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2010-12-10] (CyberLink Corp.)

Task: {746D255D-B5C1-47BD-B3A6-E34DE9696B49} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MARIUS-HP => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)

Task: {8184B3D5-4E8E-4D8E-B453-C373C01DFAB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2010-12-01] (Hewlett-Packard Company)

Task: {8F9F31F6-0BBD-4096-AE08-E1E0FB83709D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)

Task: {99713916-5E3C-4AFA-966D-2F47C9114385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA => C:\Users\Steinmetzer\AppData\Local\Google\Update\GoogleUpdate.exe No File

Task: {9ADC5B46-F164-4CB7-AC10-A6E107FA7CBA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core => C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-07] (Facebook Inc.)

Task: {A0921A97-BE97-4821-9680-578E48BDA9DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA => C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-07] (Facebook Inc.)

Task: {A4787D51-51CF-4693-A210-90687FAE0647} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core => C:\Users\Steinmetzer\AppData\Local\Google\Update\GoogleUpdate.exe No File

Task: {B16D24DC-5EA9-40DD-97E1-BC908992AD2D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {C11631FC-9D60-4709-B82F-BF6DD0F5E02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)

Task: {E705D94D-8D3E-44EF-9CC3-EDF4C034199C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-10] (CyberLink)

Task: {F6452D24-DDBC-4854-968A-CCCA84B890FF} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com No File

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job => C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job => C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job => C:\Users\Steinmetzer\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job => C:\Users\Steinmetzer\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForSteinmetzer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter #5

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-6zu4-Adapter

Description: Microsoft-6zu4-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter #2

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter #3

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Microsoft-ISATAP-Adapter #4

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (08/13/2013 08:11:17 PM) (Source: Google Update) (User: MARIUS-HP)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http s
 

Error: (08/13/2013 08:10:29 PM) (Source: Avira AntiVir) (User: NT-AUTORITÄT)

Description: Die Datei AVPREF.DLL konnte nicht geladen werden.

Fehlercode: 0x45a
 

Error: (08/13/2013 07:59:28 PM) (Source: Avira AntiVir) (User: NT-AUTORITÄT)

Description: Die Datei AVPREF.DLL konnte nicht geladen werden.

Fehlercode: 0x45a
 

Error: (08/13/2013 07:18:42 PM) (Source: Avira AntiVir) (User: NT-AUTORITÄT)

Description: Die Datei AVPREF.DLL konnte nicht geladen werden.

Fehlercode: 0x45a
 
 

System errors:

=============

Error: (08/13/2013 08:11:37 PM) (Source: DCOM) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (08/13/2013 08:10:28 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (08/13/2013 08:10:28 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: 

%%126
 

Error: (08/13/2013 08:00:42 PM) (Source: DCOM) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (08/13/2013 07:59:27 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (08/13/2013 07:59:26 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: 

%%126
 

Error: (08/13/2013 07:18:42 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (08/13/2013 07:18:42 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Akamai NetSession Interface" wurde mit folgendem Fehler beendet: 

%%126
 

Error: (08/13/2013 07:18:39 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎13.‎08.‎2013 um 19:09:54 unerwartet heruntergefahren.
 

Error: (08/13/2013 06:53:30 PM) (Source: DCOM) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
 

Microsoft Office Sessions:

=========================

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: WmiApRplWmiApRpl8F20300004D070000
 

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: Performance1637070000000000000000000009030000
 

Error: (08/13/2013 08:19:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: Performance1637070000000000000000000009030000
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: WmiApRplWmiApRpl8F20300004D070000
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: Performance1637070000000000000000000009030000
 

Error: (08/13/2013 08:15:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)

Description: Performance1637070000000000000000000009030000
 

Error: (08/13/2013 08:11:17 PM) (Source: Google Update)(User: MARIUS-HP)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=IE, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http s
 

Error: (08/13/2013 08:10:29 PM) (Source: Avira AntiVir)(User: NT-AUTORITÄT)

Description: AVPREF.DLL0x45a
 

Error: (08/13/2013 07:59:28 PM) (Source: Avira AntiVir)(User: NT-AUTORITÄT)

Description: AVPREF.DLL0x45a
 

Error: (08/13/2013 07:18:42 PM) (Source: Avira AntiVir)(User: NT-AUTORITÄT)

Description: AVPREF.DLL0x45a
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-06-01 10:39:37.246

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-06-01 10:39:37.137

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-04-28 16:21:02.100

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-04-28 16:21:01.990

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:05:01.055

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:05:00.953

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:03:16.776

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:03:16.668

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:02:24.824

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-03-13 18:02:24.725

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 42%

Total physical RAM: 4043.86 MB

Available physical RAM: 2335.88 MB

Total Pagefile: 10106.04 MB

Available Pagefile: 8300.3 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:580.17 GB) (Free:184.88 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:15.71 GB) (Free:1.94 GB) NTFS (Disk=0 Partition=3)

Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

Drive g: (MARIUSKLEIN) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32 (Disk=1 Partition=1)
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: FBCCF9BA)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 

========================================================

Disk: 1 (Size: 491 MB) (Disk ID: 643D5C3C)

Partition 1: (Active) - (Size=491 MB) - (Type=0B)
 

==================== End Of Log ============================

Mfg. Marius

So, Log vom Adwcleaner :

Code:

# AdwCleaner v2.306 - Datei am 13/08/2013 um 20:34:13 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Steinmetzer - MARIUS-HP

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Steinmetzer\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar

Ordner Gelöscht : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}

Ordner Gelöscht : C:\ProgramData\~0

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\boost_interprocess

Ordner Gelöscht : C:\ProgramData\IBUpdaterService

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Local\Ilivid Player

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\LocalLow\searchquband

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\LocalLow\Searchqutoolbar

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Roaming\dvdvideosoftiehelpers

Ordner Gelöscht : C:\Users\Steinmetzer\AppData\Roaming\PerformerSoft
 

***** [Registrierungsdatenbank] *****
 

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\ilivid

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ilivid

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\ilivid

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e57d8d1b468eb15

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16496
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v28.0.1500.95
 

Datei : C:\Users\Steinmetzer\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gelöscht [l.2136] : homepage = "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=5A688CA9824CD555",
 

*************************
 

AdwCleaner[S1].txt - [10680 octets] - [13/08/2013 20:34:13]
 

########## EOF - C:\AdwCleaner[S1].txt - [10741 octets] ##########

Log vom Combofix :

Code:

ComboFix 13-08-13.02 - Steinmetzer 13.08.2013  20:44:48.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2636 [GMT 2:00]

ausgeführt von:: c:\users\Steinmetzer\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\gema

c:\programdata\Roaming

c:\users\Steinmetzer\AppData\Roaming\.#

c:\users\Steinmetzer\AppData\Roaming\AcroIEHelpe.txt

c:\users\Steinmetzer\AppData\Roaming\gema

c:\users\Steinmetzer\AppData\Roaming\Help\coredb\storage

c:\users\Steinmetzer\AppData\Roaming\srvblck5.tmp

c:\windows\SysWow64\frapsvid.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-13 bis 2013-08-13  ))))))))))))))))))))))))))))))

.

.

2013-08-14 03:25 . 2013-08-14 03:25        --------        d-----w-        C:\FRST

2013-08-10 13:23 . 2013-08-10 13:23        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8D187C-0F91-412D-A280-FCCA5F0A7569}\offreg.dll

2013-08-09 11:06 . 2013-07-15 01:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8D187C-0F91-412D-A280-FCCA5F0A7569}\mpengine.dll

2013-07-20 19:27 . 2013-07-20 19:27        --------        d-----w-        C:\Games

2013-07-18 09:09 . 2013-07-18 09:11        --------        d-----w-        c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-11 19:35 . 2011-09-15 15:08        78185248        ----a-w-        c:\windows\system32\MRT.exe

2013-06-21 18:56 . 2013-06-16 14:06        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-06-21 18:56 . 2012-01-03 19:05        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2013-06-20 17:50 . 2012-01-03 18:40        291128        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2013-06-16 14:06 . 2013-06-16 14:06        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2013-06-11 18:32 . 2012-04-07 18:15        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-11 18:32 . 2011-09-16 07:00        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-05 03:34 . 2013-07-10 22:42        3153920        ----a-w-        c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 22:42        624128        ----a-w-        c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 22:42        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2013-05-29 06:15 . 2013-07-11 19:33        17829376        ----a-w-        c:\windows\system32\mshtml.dll

2013-05-29 05:50 . 2013-07-11 19:33        10926080        ----a-w-        c:\windows\system32\ieframe.dll

2013-05-29 05:43 . 2013-07-11 19:33        2312704        ----a-w-        c:\windows\system32\jscript9.dll

2013-05-29 05:34 . 2013-07-11 19:33        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-05-29 05:33 . 2013-07-11 19:33        237056        ----a-w-        c:\windows\system32\url.dll

2013-05-29 05:31 . 2013-07-11 19:33        85504        ----a-w-        c:\windows\system32\jsproxy.dll

2013-05-29 05:29 . 2013-07-11 19:33        173056        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-05-29 05:29 . 2013-07-11 19:33        816640        ----a-w-        c:\windows\system32\jscript.dll

2013-05-29 05:29 . 2013-07-11 19:33        599040        ----a-w-        c:\windows\system32\vbscript.dll

2013-05-29 05:27 . 2013-07-11 19:33        729088        ----a-w-        c:\windows\system32\msfeeds.dll

2013-05-29 05:25 . 2013-07-11 19:33        96768        ----a-w-        c:\windows\system32\mshtmled.dll

2013-05-29 05:25 . 2013-07-11 19:33        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2013-05-29 05:18 . 2013-07-11 19:33        248320        ----a-w-        c:\windows\system32\ieui.dll

2013-05-29 01:50 . 2013-07-11 19:33        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll

2013-05-29 01:41 . 2013-07-11 19:33        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-05-29 01:37 . 2013-07-11 19:33        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-05-29 01:36 . 2013-07-11 19:33        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-05-29 01:33 . 2013-07-11 19:33        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2013-05-24 18:38 . 2011-10-09 11:50        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-17 15:27 . 2013-05-17 15:27        40696        ----a-w-        c:\windows\system32\drivers\RzMaelstromVAD.sys

2013-05-17 15:25 . 2013-05-17 15:25        245248        ----a-w-        c:\windows\system32\DriverInstallCACMD.exe

2013-05-17 15:25 . 2013-05-17 15:25        69120        ----a-w-        c:\windows\system32\DriverInstallCA.dll

2013-05-17 03:02 . 2013-06-13 18:40        1346560        ----a-w-        c:\windows\system32\urlmon.dll

2013-05-17 03:02 . 2013-06-13 18:40        1392128        ----a-w-        c:\windows\system32\wininet.dll

2013-05-17 02:53 . 2013-06-13 18:40        2147840        ----a-w-        c:\windows\system32\iertutil.dll

2013-05-16 22:28 . 2013-06-13 18:40        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-01 1671592]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"Spotify Web Helper"="c:\users\Steinmetzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-10 1104384]

"GoogleChromeAutoLaunch_86E68EA1987AAE753BE55EE1F8756C88"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]

"Spotify"="c:\users\Steinmetzer\AppData\Roaming\Spotify\spotify.exe" [2013-07-10 4640768]

"Facebook Update"="c:\users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-07 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

c:\users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Steinmetzer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

Facebook Messenger.lnk - c:\users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 ezSharedSvc;Easybits Services for Windows; [x]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

R3 dump_wmimmc;dump_wmimmc; [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 NETwNv64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 64-Bit;c:\windows\system32\DRIVERS\NETwNv64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNv64.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 12:18        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-01 22:30        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:32]

.

2013-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job

- c:\users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-07 20:05]

.

2013-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job

- c:\users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-07 20:05]

.

2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 17:47]

.

2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24 17:47]

.

2013-08-13 c:\windows\Tasks\HPCeeScheduleForSteinmetzer.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Free YouTube to MP3 Converter - c:\users\Steinmetzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{77f8c945-4b74-4bd6-a073-e0d1997edce8} - (no file)

c:\users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk - c:\program files (x86)\Real Desktop\Real Desktop.exe

WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe

AddRemove-Akamai - c:\users\Steinmetzer\AppData\Local\Akamai\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,

   9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3

"{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}"=hex:51,66,7a,6c,4c,1d,38,12,2b,ca,eb,

   73,46,05,b8,0e,df,65,a3,91,9c,20,98,fc

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,38,12,ef,7c,62,

   99,7a,df,7c,0a,fa,7e,2a,53,5a,56,39,a4

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,

   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:58,5f,11,0e,19,f0,cc,01

.

[HKEY_USERS\S-1-5-21-1421421367-465013136-1781341850-1001\Software\SecuROM\License information*]

"datasecu"=hex:2c,8f,37,f2,1f,58,0f,99,e9,dc,4e,4e,18,80,12,86,61,df,78,79,76,

   3e,16,fa,82,c7,7f,7d,a4,4d,ac,69,7a,bb,ad,8c,6a,51,a0,5f,f6,28,44,06,06,a2,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-08-13  21:02:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-08-13 19:02

.

Vor Suchlauf: 16 Verzeichnis(se), 198.604.881.920 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 199.598.985.216 Bytes frei

.

- - End Of File - - F34B428F6F659FB178B55DD00124693D

D41D8CD98F00B204E9800998ECF8427E

Log von frst :

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01

Ran by Steinmetzer (administrator) on 13-08-2013 21:07:53

Running from C:\Users\Steinmetzer\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

() C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Intel Corporation) C:\Windows\System32\GfxUI.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Spotify Ltd) C:\Users\Steinmetzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Spotify Ltd) C:\Users\Steinmetzer\AppData\Roaming\Spotify\spotify.exe

(Facebook Inc.) C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Dropbox, Inc.) C:\Users\Steinmetzer\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Facebook) C:\Users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-14] (IDT, Inc.)

HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-04] (Intel(R) Corporation)

HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)

HKCU\...\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] - 0 [x]

HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1671592 2013-07-01] (Valve Corporation)

HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Steinmetzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-10] (Spotify Ltd)

HKCU\...\Run: [GoogleChromeAutoLaunch_86E68EA1987AAE753BE55EE1F8756C88] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)

HKCU\...\Run: [Spotify] - C:\Users\Steinmetzer\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-10] (Spotify Ltd)

HKCU\...\Run: [Facebook Update] - C:\Users\Steinmetzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-07] (Facebook Inc.)

HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-04-21] (Avira GmbH)

HKU\Mcx1-MARIUS-HP\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Steinmetzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

Startup: C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - {1B3E420A-9B6A-42C2-B026-C4D2EA343858} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795622

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Steinmetzer\AppData\Roaming\Mozilla\Firefox\Profiles\oh6nnzts.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.96.dll No File

Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Steinmetzer\AppData\Roaming\Mozilla\Firefox\Profiles\oh6nnzts.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.96.dll No File

DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab

DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Steinmetzer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Steinmetzer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Steinmetzer\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\Steinmetzer\AppData\Roaming\05035
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://google.de/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0

CHR Extension: (Gmail) - C:\Users\STEINM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [fjdkdjokkloghgmiiibhpkhipdfomgbo] - C:\Users\STEINM~1\AppData\Local\Temp\ccex.crx
 

==================== Services (Whitelisted) =================
 

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)

S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-21] (Avira GmbH)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-16] ()

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll [x]

S2 ezSharedSvc; 
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-21] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-21] (Avira GmbH)

S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-17] (Windows (R) Win 7 DDK provider)

S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2009-09-19] (MCCI Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 dump_wmimmc; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 21:02 - 2013-08-13 21:02 - 00027798 _____ C:\ComboFix.txt

2013-08-13 20:42 - 2013-08-13 21:02 - 00000000 ____D C:\Qoobox

2013-08-13 20:42 - 2013-08-13 21:01 - 00000000 ____D C:\Windows\erdnt

2013-08-13 20:42 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-13 20:42 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-13 20:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-13 20:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-13 20:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-13 20:42 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-13 20:42 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-13 20:42 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-13 20:40 - 2013-08-13 20:40 - 05103833 ____R (Swearware) C:\Users\Steinmetzer\Desktop\ComboFix.exe

2013-08-13 20:34 - 2013-08-13 20:34 - 00010773 _____ C:\AdwCleaner[S1].txt

2013-08-13 20:32 - 2013-08-13 20:32 - 00666633 _____ C:\Users\Steinmetzer\Desktop\adwcleaner.exe

2013-08-13 20:20 - 2013-08-13 20:20 - 00036544 _____ C:\Users\Steinmetzer\Desktop\Addition.txt

2013-08-13 20:19 - 2000-01-01 00:06 - 01575274 _____ (Farbar) C:\Users\Steinmetzer\Desktop\FRST64.exe

2013-08-10 15:00 - 2013-08-10 15:10 - 139145504 _____ (GIANTS Software                                             ) C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2 (1).exe

2013-08-10 14:38 - 2013-08-10 14:41 - 00009551 _____ C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2.exe

2013-08-07 23:53 - 2013-08-12 18:50 - 00000000 ___RD C:\Users\Steinmetzer\Desktop\,

2013-08-05 16:10 - 2013-08-05 16:13 - 37949670 _____ C:\Users\Steinmetzer\Downloads\fendt13bbgreen.rar

2013-07-31 22:38 - 2013-07-31 22:38 - 00003142 _____ C:\Windows\System32\Tasks\{A2DB886C-B0C6-4D79-B64F-8DDF8A759933}

2013-07-31 22:27 - 2013-07-31 22:36 - 108422648 _____ C:\Users\Steinmetzer\Downloads\avira_free_antivirus884_de.exe

2013-07-31 21:14 - 2013-07-31 21:14 - 00181452 _____ C:\Users\STEINM~1\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-28 23:11 - 2013-07-28 23:12 - 11342986 _____ C:\Users\Steinmetzer\Downloads\zuerst_entpacken (1).zip

2013-07-28 23:09 - 2013-07-28 23:09 - 05122685 _____ C:\Users\Steinmetzer\Downloads\Holaras_Schild_ENTPACKEN.rar

2013-07-20 21:27 - 2013-07-20 21:27 - 00000000 ____D C:\Games

2013-07-18 11:09 - 2013-07-18 11:11 - 00000000 ____D C:\Windows\system32\MRT

2013-07-14 22:44 - 2013-07-14 22:46 - 18496415 _____ C:\Users\Steinmetzer\Downloads\Lexion 550 UNPACK ME V2.5.rar
 

==================== One Month Modified Files and Folders =======
 

2013-08-13 21:09 - 2012-09-12 21:26 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Spotify

2013-08-13 21:09 - 2011-10-23 20:15 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Skype

2013-08-13 21:07 - 2013-02-03 14:00 - 00000000 ___RD C:\Users\Steinmetzer\Dropbox

2013-08-13 21:07 - 2013-02-03 13:54 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Dropbox

2013-08-13 21:06 - 2012-10-24 19:47 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-13 21:06 - 2011-12-30 02:47 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-13 21:05 - 2013-01-30 16:58 - 00005534 _____ C:\Windows\setupact.log

2013-08-13 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 21:04 - 2011-04-16 04:01 - 01568911 _____ C:\Windows\WindowsUpdate.log

2013-08-13 21:04 - 2011-01-10 02:49 - 21719278 _____ C:\Windows\system32\perfh007.dat

2013-08-13 21:04 - 2011-01-10 02:49 - 06994182 _____ C:\Windows\system32\perfc007.dat

2013-08-13 21:04 - 2009-07-14 07:13 - 00006678 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 21:04 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-13 21:04 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-13 21:02 - 2013-08-13 21:02 - 00027798 _____ C:\ComboFix.txt

2013-08-13 21:02 - 2013-08-13 20:42 - 00000000 ____D C:\Qoobox

2013-08-13 21:01 - 2013-08-13 20:42 - 00000000 ____D C:\Windows\erdnt

2013-08-13 21:01 - 2011-09-15 13:21 - 00000000 ___RD C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-13 20:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-13 20:55 - 2013-02-03 19:29 - 00118478 _____ C:\Windows\PFRO.log

2013-08-13 20:40 - 2013-08-13 20:40 - 05103833 ____R (Swearware) C:\Users\Steinmetzer\Desktop\ComboFix.exe

2013-08-13 20:34 - 2013-08-13 20:34 - 00010773 _____ C:\AdwCleaner[S1].txt

2013-08-13 20:32 - 2013-08-13 20:32 - 00666633 _____ C:\Users\Steinmetzer\Desktop\adwcleaner.exe

2013-08-13 20:20 - 2013-08-13 20:20 - 00036544 _____ C:\Users\Steinmetzer\Desktop\Addition.txt

2013-08-13 18:54 - 2011-11-02 23:13 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForSteinmetzer.job

2013-08-13 18:47 - 2013-03-13 18:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 18:47 - 2012-10-24 19:47 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-13 18:47 - 2011-09-20 20:44 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001UA.job

2013-08-13 18:47 - 2011-09-20 20:44 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1421421367-465013136-1781341850-1001Core.job

2013-08-12 18:53 - 2011-10-29 20:09 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\TS3Client

2013-08-12 18:53 - 2011-09-21 19:23 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\CrashDumps

2013-08-12 18:51 - 2012-10-21 20:54 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\TeamSpeak 3 Client

2013-08-12 18:50 - 2013-08-07 23:53 - 00000000 ___RD C:\Users\Steinmetzer\Desktop\,

2013-08-12 18:32 - 2012-09-12 21:27 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\Spotify

2013-08-10 15:11 - 2012-10-24 20:40 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2013

2013-08-10 15:10 - 2013-08-10 15:00 - 139145504 _____ (GIANTS Software                                             ) C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2 (1).exe

2013-08-10 14:41 - 2013-08-10 14:38 - 00009551 _____ C:\Users\Steinmetzer\Downloads\FarmingSimulator2013Patch2.0DE_PublicBeta2.exe

2013-08-09 12:54 - 2011-11-02 23:13 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSteinmetzer

2013-08-08 00:04 - 2013-02-03 14:00 - 00001036 _____ C:\Users\Steinmetzer\Desktop\Dropbox.lnk

2013-08-08 00:04 - 2013-02-03 13:58 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-08-07 21:12 - 2011-10-05 21:25 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-08-05 16:13 - 2013-08-05 16:10 - 37949670 _____ C:\Users\Steinmetzer\Downloads\fendt13bbgreen.rar

2013-08-05 12:31 - 2011-12-24 21:37 - 00000000 ____D C:\Users\Steinmetzer\AppData\Roaming\.minecraft

2013-08-02 22:53 - 2012-03-14 20:03 - 00000000 ____D C:\Program Files (x86)\Google

2013-07-31 22:38 - 2013-07-31 22:38 - 00003142 _____ C:\Windows\System32\Tasks\{A2DB886C-B0C6-4D79-B64F-8DDF8A759933}

2013-07-31 22:36 - 2013-07-31 22:27 - 108422648 _____ C:\Users\Steinmetzer\Downloads\avira_free_antivirus884_de.exe

2013-07-31 22:20 - 2011-09-15 13:12 - 00000000 ____D C:\Users\Steinmetzer

2013-07-31 22:20 - 2009-07-14 06:45 - 00417384 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-31 22:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-31 22:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-31 22:18 - 2012-01-01 23:05 - 00000000 ____D C:\Users\Mcx1-MARIUS-HP

2013-07-31 22:16 - 2013-03-14 15:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-31 22:16 - 2013-03-14 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-31 22:16 - 2011-09-16 09:21 - 00000000 ____D C:\ProgramData\Avira

2013-07-31 22:16 - 2011-09-16 09:21 - 00000000 ____D C:\Program Files (x86)\Avira

2013-07-31 22:16 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-31 22:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration

2013-07-31 21:14 - 2013-07-31 21:14 - 00181452 _____ C:\Users\STEINM~1\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-28 23:12 - 2013-07-28 23:11 - 11342986 _____ C:\Users\Steinmetzer\Downloads\zuerst_entpacken (1).zip

2013-07-28 23:09 - 2013-07-28 23:09 - 05122685 _____ C:\Users\Steinmetzer\Downloads\Holaras_Schild_ENTPACKEN.rar

2013-07-23 10:04 - 2012-11-03 17:20 - 00000000 ____D C:\Users\STEINM~1\AppData\Local\Paint.NET

2013-07-20 21:27 - 2013-07-20 21:27 - 00000000 ____D C:\Games

2013-07-18 11:11 - 2013-07-18 11:09 - 00000000 ____D C:\Windows\system32\MRT

2013-07-14 22:46 - 2013-07-14 22:44 - 18496415 _____ C:\Users\Steinmetzer\Downloads\Lexion 550 UNPACK ME V2.5.rar

2013-07-14 01:47 - 2012-11-14 21:32 - 00000000 ____D C:\Users\Steinmetzer\Documents\Neuer Ordner
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-08 01:03
 

==================== End Of Log ============================

--- --- ---

Mfg. Marius