pascal1994 | 03.09.2013 18:41 | AdwCleaner : Code:
# AdwCleaner v3.002 - Bericht erstellt am 03/09/2013 um 19:01:51
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : noli - PASCAL-PC
# Gestartet von : C:\Users\noli\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\clsoft ltd
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyDownload
Ordner Gelöscht : C:\Program Files\1ClickDownload
Ordner Gelöscht : C:\Program Files\BrowserCompanion
Ordner Gelöscht : C:\Program Files\KeyDownload-Addon
Ordner Gelöscht : C:\Program Files\TornTV.com
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\system32\WNLT
Ordner Gelöscht : C:\Users\noli\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\noli\AppData\Local\cre
Ordner Gelöscht : C:\Users\noli\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\noli\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\noli\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\noli\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\noli\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\OneTab
Ordner Gelöscht : C:\Users\noli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\Users\noli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Ordner Gelöscht : C:\Users\noli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Datei Gelöscht : C:\Users\noli\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\noli\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\Windows\System32\Tasks\AmiUpdXp
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Manager
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD58865-1C62-4E0A-BBB9-35FD8D61D429}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1AD58865-1C62-4E0A-BBB9-35FD8D61D429}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\KeyDownload.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKCU\Software\592de8cbd35b840
Schlüssel Gelöscht : HKLM\SOFTWARE\592de8cbd35b840
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7DDBC31B-22BD-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BFlix
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BFlix
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\KeyDownload
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyDownload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BFlix
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KeyDownload
Produkt Gelöscht : Google Update Helper
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16502
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v
-\\ Google Chrome v
[ Datei : C:\Users\noli\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [13403 octets] - [03/09/2013 19:01:14]
AdwCleaner[S0].txt - [12917 octets] - [03/09/2013 19:01:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12978 octets] ##########
Combo Fix Code:
ComboFix 13-09-02.02 - noli 03.09.2013 19:15:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1607 [GMT 2:00]
ausgeführt von:: c:\users\noli\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
. ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\noli\AppData\Local\fjbmfxb.dat
c:\users\noli\AppData\Local\fjbmfxb_nav.dat
c:\users\noli\AppData\Local\fjbmfxb_navps.dat
c:\users\noli\AppData\Roaming\.#
c:\users\noli\AppData\Roaming\AcroIEHelpe.txt
c:\users\noli\AppData\Roaming\Google Talk
c:\users\noli\AppData\Roaming\Microsoft\Windows\Recent\desktop_15847540.ico
c:\users\noli\AppData\Roaming\srvblck2.tmp
c:\users\noli\AppData\Roaming\system32
c:\users\noli\AppData\Roaming\winupdate
c:\windows\PFRO.log
c:\windows\security\Database\tmp.edb
c:\windows\system32\cnmA825.tmp
c:\windows\system32\frapsvid.dll
c:\windows\system32\tmp3C26.tmp
c:\windows\system32\tmp3C56.tmp
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-03 bis 2013-09-03 ))))))))))))))))))))))))))))))
.
.
2013-09-03 17:24 . 2013-09-03 17:28 -------- d-----w- c:\users\noli\AppData\Local\temp
2013-09-03 17:00 . 2013-09-03 17:02 -------- d-----w- C:\AdwCleaner
2013-08-28 18:17 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-18 01:37 . 2013-08-18 01:40 -------- d-----w- c:\windows\system32\MRT
2013-08-17 17:20 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-17 17:20 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 17:20 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-17 17:20 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 17:19 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 17:19 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-17 17:19 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-17 17:19 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-17 17:19 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 17:19 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 17:19 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 17:19 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 07:28 . 2013-09-03 16:26 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{168195EC-3F43-42B9-B9B6-C3502F00981C}\mpengine.dll
2013-06-23 01:24 . 2012-02-27 20:53 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-06-23 01:23 . 2012-02-27 20:53 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-06-23 01:23 . 2011-07-11 14:00 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-06-23 01:23 . 2012-02-27 20:53 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-06-11 20:06 . 2012-12-01 01:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 20:06 . 2011-05-24 04:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 68856]
"Spotify Web Helper"="c:\users\noli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-04 1104384]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"icq"="c:\users\noli\AppData\Roaming\ICQM\icq.exe" [2013-01-10 26606072]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-02-04 3093624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"Spotify"="c:\users\noli\AppData\Roaming\Spotify\Spotify.exe" [2013-07-04 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-03-27 196784]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"RoccatKoneXTD"="c:\program files\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE" [2012-11-30 558944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-05-28 12:27 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-06-06 22:06 1641896 ----a-w- d:\steam\Steam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"Microsoft® Windows® Operating System"=c:\users\noli\AppData\Local\Temp\System\audiodgi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Windows Mobile-based device management"=%WINDIR%\WindowsMobile\wmdcBase.exe
"Launch LCore"=c:\program files\Logitech Gaming Software\LCore.exe /minimized
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-01 13:05]
.
2013-09-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 19:18]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:25]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:25]
.
2013-09-03 c:\windows\Tasks\User_Feed_Synchronization-{554606CE-D107-4EE5-AABB-1AF42D0B6EE7}.job
- c:\windows\system32\msfeedssync.exe [2012-02-24 02:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - c:\users\noli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-blank - c:\users\noli\AppData\Roaming\update.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
HKLM_ActiveSetup-blank - c:\users\noli\AppData\Roaming\update.exe
AddRemove-OneTab - c:\users\noli\AppData\Roaming\OneTab\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-03 19:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-592751880-1825424791-3935690576-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,8e,1a,d7,e4,0b,72,01,39,9b,a9,aa,8e,38,32,f5,a0,72,92,00,45,bd,d7,
5e,16,cf,57,b1,ad,90,fc,5c,3c,21,46,6c,0d,b1,e0,46,8c,3b,58,a7,6c,ff,4c,75,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-592751880-1825424791-3935690576-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,24,3f,2b,99,22,29,47,c0,79,fe,f7,15,ff,b6,b1,4e,33,31,46,63,
0a,32,0e,d0,d9,94,75,53,d2,06,77,48,14,50,ec,a7,bf,ba,fb,08,63,1d,93,10,cc,\
"rkeysecu"=hex:bc,f8,bb,be,c0,c8,fc,2b,2d,a7,28,8a,a3,c9,75,cd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\TuneUp Utilities 2013\OneClick.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-03 19:35:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-09-03 17:35
.
Vor Suchlauf: 2.183.901.184 Bytes frei
Nach Suchlauf: 4.661.956.608 Bytes frei
.
- - End Of File - - F99FAB9E2C3687838DEB51FC3CF0A8B6
BB9D3A6A13C5010348DA7C900BB6AF50
FRST :
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 02
Ran by noli (administrator) on PASCAL-PC on 03-09-2013 19:39:56
Running from C:\Users\noli\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\system32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Windows\system32\PnkBstrA.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\OneClick.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768 2010-11-03] (Avira GmbH)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PrivitizeVPN] - C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-03-27] (OOO Industry)
HKLM\...\Run: [CloneCDTray] - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [RoccatKone+] - C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [552960 2011-07-12] (ROCCAT GmbH)
HKLM\...\Run: [RoccatKoneXTD] - C:\Program Files\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [558944 2012-11-30] (ROCCAT GmbH)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-17] (Google Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\noli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-04] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [icq] - C:\Users\noli\AppData\Roaming\ICQM\icq.exe [26606072 2013-01-11] (ICQ)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-04] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\noli\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-04] (Spotify Ltd)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\TEMP\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\TEMP\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\TEMP\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetpointII.exe (Logitech Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3298200A-1465-40F2-82CB-5BB005F4249D} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3298200A-1465-40F2-82CB-5BB005F4249D} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_cpc_3712_1&babsrc=SP_ss&mntrId=240e99d1000000000000001d72ee7cfc
SearchScopes: HKCU - {EA7D3F39-CBE6-42E3-BAF5-7DEDD8860C77} URL = hxxp://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\noli\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\noli\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions.sqlite
FF Extension: trtv3 - C:\Users\noli\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] C:\Users\noli\AppData\Roaming\5014
FF Extension: Java String Helper - C:\Users\noli\AppData\Roaming\5014
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\noli\AppData\Roaming\5015
FF Extension: Java String Helper - C:\Users\noli\AppData\Roaming\5015
FF HKCU\...\Firefox\Extensions: [onetab@onetab.net] C:\Users\noli\AppData\Roaming\OneTab\xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [cbnocfnjkmlljbfgpkbhefnlpbiemhif] - C:\Users\noli\AppData\Roaming\OneTab\OneTab.crx
CHR HKLM\...\Chrome\Extension: [engeblojhfeingnjnfpiceofljnjpldp] - C:\Users\noli\AppData\Local\CRE\engeblojhfeingnjnfpiceofljnjpldp.crx
CHR HKLM\...\Chrome\Extension: [jlfihafpijfdgmojeeigcldgchhojpfp] - C:\Program Files\BFlix\BFlix.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] (Avira GmbH)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-06-28] (Avira GmbH)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-05-15] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1723744 2012-11-29] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [352256 2009-01-16] (Aladdin Knowledge Systems Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-06-28] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-06-28] (Avira GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-24] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [587776 2009-07-09] (Aladdin Knowledge Systems Ltd.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] ()
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-11-23] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81704 2008-05-26] (CyberLink)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [x]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [x]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [x]
U3 mbr; \??\C:\Users\noli\AppData\Local\Temp\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-03 19:35 - 2013-09-03 19:35 - 00019606 _____ C:\ComboFix.txt
2013-09-03 19:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-03 19:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-03 19:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-03 19:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-03 19:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-03 19:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-03 19:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-03 19:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-03 19:11 - 2013-09-03 19:35 - 00000000 ____D C:\Qoobox
2013-09-03 19:10 - 2013-09-03 19:34 - 00000000 ____D C:\Windows\erdnt
2013-09-03 19:00 - 2013-09-03 19:02 - 00000000 ____D C:\AdwCleaner
2013-09-03 18:42 - 2013-09-03 18:42 - 01084573 _____ (Farbar) C:\Users\noli\Desktop\FRST.exe
2013-08-28 20:17 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-18 03:37 - 2013-08-18 03:40 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 03:05 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 03:05 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 03:05 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 03:05 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 03:05 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 03:05 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-18 03:05 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-18 03:05 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 03:05 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 03:05 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 03:05 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 03:05 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-18 03:05 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-18 03:05 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 03:05 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 03:05 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-17 19:20 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 19:20 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 19:20 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-17 19:20 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 19:19 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 19:19 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-17 19:19 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-17 19:19 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-17 19:19 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 19:19 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 19:19 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 19:19 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
==================== One Month Modified Files and Folders =======
2013-09-03 19:40 - 2009-07-01 21:56 - 00000430 ____H C:\Windows\Tasks\User_Feed_Synchronization-{554606CE-D107-4EE5-AABB-1AF42D0B6EE7}.job
2013-09-03 19:37 - 2009-01-16 17:51 - 01597784 _____ C:\Windows\WindowsUpdate.log
2013-09-03 19:35 - 2013-09-03 19:35 - 00019606 _____ C:\ComboFix.txt
2013-09-03 19:35 - 2013-09-03 19:11 - 00000000 ____D C:\Qoobox
2013-09-03 19:35 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-03 19:35 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-03 19:34 - 2013-09-03 19:10 - 00000000 ____D C:\Windows\erdnt
2013-09-03 19:34 - 2006-11-02 12:33 - 00005780 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 19:27 - 2010-06-05 13:26 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 19:27 - 2009-01-16 18:08 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-03 19:27 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 19:27 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 19:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-03 19:26 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 19:25 - 2012-05-22 18:17 - 00000000 ____D C:\Users\noli\AppData\Local\PMB Files
2013-09-03 19:25 - 2006-11-02 15:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-03 19:11 - 2010-06-05 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 19:08 - 2012-03-25 23:14 - 00000000 ____D C:\Users\noli\AppData\Roaming\Spotify
2013-09-03 19:07 - 2010-06-06 12:19 - 00000000 ____D C:\Users\noli\AppData\Roaming\Skype
2013-09-03 19:06 - 2012-12-01 03:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 19:02 - 2013-09-03 19:00 - 00000000 ____D C:\AdwCleaner
2013-09-03 19:01 - 2010-06-16 20:57 - 00000000 ____D C:\ProgramData\ICQ
2013-09-03 18:55 - 2012-01-21 20:05 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-03 18:42 - 2013-09-03 18:42 - 01084573 _____ (Farbar) C:\Users\noli\Desktop\FRST.exe
2013-09-03 18:40 - 2011-12-11 23:59 - 00000000 ___RD C:\Users\noli\Desktop\Pascal
2013-09-01 13:11 - 2010-10-26 20:00 - 00001052 _____ C:\Windows\Tasks\Google Software Updater.job
2013-08-29 03:00 - 2012-03-25 23:14 - 00000000 ____D C:\Users\noli\AppData\Local\Spotify
2013-08-18 04:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-18 04:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-18 03:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-18 03:40 - 2013-08-18 03:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 03:37 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-18 03:34 - 2008-11-20 05:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-17 19:00 - 2010-10-03 19:15 - 00000680 __RSH C:\Users\noli\ntuser.pol
2013-08-17 19:00 - 2009-03-17 19:10 - 00000000 ____D C:\Users\noli
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-03 19:39
==================== End Of Log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 02
Ran by noli at 2013-09-03 19:40:32
Running from C:\Users\noli\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
Acer Crystal Eye webcam Ver:1.1.57.409 (Version: 1.1.57.409)
Acer eDataSecurity Management (Version: 3.0.3065)
Acer Empowering Technology (Version: 3.0.3013)
Acer ePower Management (Version: 3.0.3016)
Acer eRecovery Management (Version: 3.0.3014)
Acer eSettings Management (Version: 3.0.3007)
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer Product Registration (Version: 3.0.0.10)
Acer ScreenSaver (Version: 1.01.1111)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Amnesia - The Dark Descent (Version: 1.0.0)
Application Suite
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.2100)
Broadcom Gigabit Integrated Controller (Version: 11.32.03)
Burnout(TM) Paradise The Ultimate Box (Version: 1.0.0.0)
C:\Program Files\Acer GameZone\GameConsole (Version: 2.0.1.2)
Call of Duty 4: Modern Warfare
Call of Duty: Modern Warfare 2 - Multiplayer
CDBurnerXP (Version: 4.5.0.3717)
CloneCD
Cool MOV To 3GP Converter 1.0
Counter-Strike: Global Offensive Beta
Crysis(R) (Version: 1.00.0000)
CSE Demoplayer (Version: 4.1)
DAEMON Tools Lite (Version: 4.46.1.0327)
Deus Ex: Human Revolution
DivX-Setup (Version: 2.6.1.9)
Driver San Francisco (Version: 1.0.0.0)
DVD-Cover Printmaster 1.4 (Version: 1.4)
EAX4 Unified Redist (Version: 4.001)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Favorit
Free Video to DVD Converter version 5.0.23.320 (Version: 5.0.23.320)
Free YouTube to DVD Converter version 3.1.1.320 (Version: 3.1.1.320)
Free YouTube to MP3 Converter version 3.12.8.717 (Version: 3.12.8.717)
Google Earth (Version: 7.1.1.1888)
Google SketchUp 8 (Version: 3.0.3196)
Google Updater (Version: 2.4.2432.1652)
Grand Theft Auto San Andreas (Version: 1.00.00001)
Grand Theft Auto: Episodes From Liberty City (Version: 1.1.0.0)
HDAUDIO Soft Data Fax Modem with SmartCP
ICQ 8.0 (build 5981, für aktuellen Benutzer) (HKCU Version: 8.0.5981.0)
ICQ7.4 (Version: 7.4)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 14.0.8117.416)
Just Cause 2
League of Legends (Version: 1.3)
Left 4 Dead 2
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Logitech Gaming Software (Version: 8.20.74)
Logitech SetPoint 5.20 (Version: 5.20)
Magic Bullet Editors 2.0 Vegas
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser und SDK (Version: 4.20.9818.0)
Nuvoton EC Generic HID Driver (Version: 7.80.5000)
NVIDIA Grafiktreiber 285.62 (Version: 285.62)
NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.10.0513)
NVIDIA Systemsteuerung 285.62 (Version: 285.62)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
OJOsoft Total Video Converter (Version: 2.7.6.0419)
OpenAL
Opera 12.16 (Version: 12.16.1860)
Pando Media Booster (Version: 2.6.0.8)
PC Connectivity Solution (Version: 10.33.1.0)
Picasa 3 (Version: 3.8)
PrivitizeVPN (Version: 1.0.0)
PunkBuster Services (Version: 0.986)
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
Realtek USB 2.0 Card Reader (Version: 3.0.1.3)
ROCCAT Kone XTD Mouse Driver
ROCCAT Kone[+] Mouse Driver
Rockstar Games Social Club (Version: 1.00.0000)
SEE Electrical Schulversion V4R1
Skype™ 6.5 (Version: 6.5.158)
Sony Eyetoy Webcam
Sony Vegas Pro 8.0 (Version: 8.0.179)
SPBA 5.8 (Version: 5.8.2.5506)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steam (Version: 1.0.0.0)
Street Racing Syndicate (TM) (Version: 1.00.0000)
System Requirements Lab
TeamSpeak 3 Client (HKCU Version: 3.0.9.2)
TuneUp Utilities 2013 (Version: 13.0.3000.132)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3000.132)
Ubisoft Game Launcher (Version: 1.0.0.0)
UnderCoverXP 1.23
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
User's Guides (Version: 1.20.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vegas Pro 11.0 (Version: 11.0.700)
VLC media player 2.0.3 (Version: 2.0.3)
Vuze (Version: 4.7)
Warsow 1.02 (Version: 1.02)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Vista Upgrade Advisor (Version: 1.0.4)
WinRAR
==================== Restore Points =========================
18-08-2013 01:00:51 Windows Update
19-08-2013 11:14:48 Geplanter Prüfpunkt
22-08-2013 19:40:26 Geplanter Prüfpunkt
23-08-2013 13:12:11 Windows Update
27-08-2013 13:43:35 Windows Update
29-08-2013 01:00:31 Windows Update
29-08-2013 17:24:19 Geplanter Prüfpunkt
03-09-2013 16:25:10 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2013-09-03 19:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {00485BB0-09E6-4BBC-8F5A-0FC4CC29712B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {0CB05C3C-8DCF-42E4-9741-7B9E8477B990} - System32\Tasks\User_Feed_Synchronization-{8E1C6E26-E047-4EF5-BB85-C927836AB4C3} => C:\Windows\system32\msfeedssync.exe [2012-02-24] (Microsoft Corporation)
Task: {1526A7F8-6F6C-41EC-86EE-707CEFD846D7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {158B9165-300C-4FE2-8C44-94C47174ABDB} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {17BC6D51-E718-466E-9A5A-BF5D1A373B15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-05] (Google Inc.)
Task: {1AC7FCC4-9EC0-4BAD-923E-65D47B0A9534} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {493FDDB0-646C-4DB3-A3D6-DD4311FB360D} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {5795626A-349E-47A2-AFE3-E0B130A6ED10} - System32\Tasks\User_Feed_Synchronization-{554606CE-D107-4EE5-AABB-1AF42D0B6EE7} => C:\Windows\system32\msfeedssync.exe [2012-02-24] (Microsoft Corporation)
Task: {71549CD0-79F6-4909-8DBC-E2C5D2E12123} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe No File
Task: {74EDB3A1-A2FF-4F48-BE0E-E80CF4C52098} - System32\Tasks\{35C32423-C903-4EAA-A634-84C1BF750E48} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {88DA86D2-9DD3-4B0C-BF07-9233BB5194C7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {9005404B-3507-4BE2-886D-4544F98F770D} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {90826A97-1B7D-441B-9A20-2FF5CE9DA49C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {9AA27778-7E7A-4A57-B679-8876C9F758B4} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {A4462617-C952-4813-B540-8001C90DD710} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B3B94310-8DB0-47F7-B0AF-A998E5A5AA04} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {B9AF46F4-88D1-47E5-B23C-E20FE88BBB14} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {C1AD2807-029C-4CD8-8430-09633644592F} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-06] (Google)
Task: {C4189D4F-1800-4F5A-AFEF-BC51F125B660} - System32\Tasks\User_Feed_Synchronization-{90BC2046-8813-4DEC-A570-4C3927F420B1} => C:\Windows\system32\msfeedssync.exe [2012-02-24] (Microsoft Corporation)
Task: {DE9156C9-F801-4342-92D0-CFC5AD3B777C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software)
Task: {E4169DC6-D750-4DC8-8EFF-DCECFE05E4B6} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {E4E2AF30-88C9-4958-A151-BFF4611D253B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-05] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FF46F9AB-0DBF-4E24-ADFC-0D19EFBAC469} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{554606CE-D107-4EE5-AABB-1AF42D0B6EE7}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2009-09-17 11:08 - 2009-04-11 08:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2011-10-25 17:49 - 2011-10-15 10:53 - 13205312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2010-10-14 12:24 - 2010-08-31 17:43 - 01686016 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
2008-01-21 04:23 - 2008-01-21 04:23 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2011-10-25 17:49 - 2011-10-15 10:53 - 02458432 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2006-11-02 10:45 - 2006-11-02 11:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\pautoenr.dll
2009-09-17 11:08 - 2009-04-11 08:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\certenroll.dll
2010-10-14 12:24 - 2010-08-31 17:43 - 01686016 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll
2012-11-16 17:35 - 2012-11-16 17:35 - 01098752 _____ (Embarcadero Technologies, Inc.) C:\Program Files\TuneUp Utilities 2013\rtl120.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00228192 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\ProgramRating.bpl
2012-11-16 17:35 - 2012-11-16 17:35 - 01998336 _____ (Embarcadero Technologies, Inc.) C:\Program Files\TuneUp Utilities 2013\vcl120.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00785760 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\MainControls.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00444256 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\GR32_D6.bpl
2012-11-16 17:35 - 2012-11-16 17:35 - 00270336 _____ (Embarcadero Technologies, Inc.) C:\Program Files\TuneUp Utilities 2013\vclimg120.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00160608 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\PerlRegEx.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00210272 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\XMLComponents.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00062304 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUTransl.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00215392 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUKernel.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00096608 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUBasic.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00128864 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\SchedAgent_2007.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00335200 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUCompression.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00307040 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\DEC.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00492384 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\Html.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00307040 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\ntrtl60.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00416608 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\VisControls.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00032608 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUBase.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 01145184 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxBarD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00044384 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxCoreD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00015712 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxComnD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00055136 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxThemeD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00852320 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\cxLibraryD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00069984 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxGDIPlusD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00066400 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\SysControls.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00142176 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUIcoEngineerDirTree.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00075104 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUShell.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00154464 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\cefcomponent.bpl
2012-11-16 17:35 - 2012-11-16 17:35 - 00952832 _____ (Embarcadero Technologies, Inc.) C:\Program Files\TuneUp Utilities 2013\xmlrtl120.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00462176 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\PowerManager.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00471392 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\SysInfo.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00655712 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\MSI_D6.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00283488 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\AppInitialization.bpl
2012-11-29 17:06 - 2012-11-29 17:06 - 00495456 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\tulic.dll
2012-11-29 17:01 - 2012-11-29 17:01 - 00106336 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUShredder.bpl
2009-09-17 11:07 - 2009-04-11 08:28 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2012-11-29 17:01 - 2012-11-29 17:01 - 00605024 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUDiskCleanerClass.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00091488 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUApps.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00042336 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TURar.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00543584 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\Traces.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00079712 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUOperaClass.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00046432 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUApplications.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00041312 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUSafariClass.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00148320 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\CommonForms.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00596320 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\VirtualTreesR.bpl
2012-11-16 17:35 - 2012-11-16 17:35 - 00208896 _____ (Embarcadero Technologies, Inc.) C:\Program Files\TuneUp Utilities 2013\vclx120.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00064864 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUIECacheClass.bpl
2012-11-29 17:06 - 2012-11-29 17:06 - 00192352 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpRPC32.dll
2012-11-29 17:01 - 2012-11-29 17:01 - 00101216 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUDefragClient.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00994656 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuningWizard.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00103776 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\Internet.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00207712 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\dxBarExtItemsD12.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00335712 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\RegCleaner.bpl
2012-11-29 17:01 - 2012-11-29 17:01 - 00023392 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\IEControl.bpl
2012-11-29 17:06 - 2012-11-29 17:06 - 00567648 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUSqlDB32.dll
2013-07-10 15:51 - 2013-04-03 05:56 - 01748992 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
2006-11-02 10:43 - 2006-11-02 11:46 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\pstorec.dll
2012-11-29 17:06 - 2012-11-29 17:06 - 00846176 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUPSAPI.dll
2006-11-02 10:57 - 2006-11-02 11:44 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\irprops.cpl
2009-02-26 19:36 - 2009-02-26 19:36 - 02217832 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2011-07-27 06:14 - 2011-07-27 06:14 - 00967008 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
2011-06-17 03:02 - 2011-06-17 03:02 - 00632656 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
2009-02-26 19:36 - 2009-02-26 19:36 - 00021856 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
2011-06-17 03:02 - 2011-06-17 03:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2012-11-29 17:06 - 2012-11-29 17:06 - 00681824 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TUTuningIndex.dll
2009-07-21 01:05 - 2009-07-21 01:05 - 01348432 _____ (Microsoft Corporation) c:\Windows\system32\msxml4.dll
2008-01-21 04:24 - 2008-01-21 04:24 - 00206336 _____ (Microsoft Corporation) C:\Windows\System32\mstask.dll
2006-10-27 15:10 - 2006-10-27 15:10 - 00044304 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
2010-10-14 12:27 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2009-02-26 19:37 - 2009-02-26 19:37 - 00178040 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
2009-09-17 11:08 - 2009-04-11 08:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2009-09-17 11:09 - 2009-04-11 08:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-02-26 19:36 - 2009-02-26 19:36 - 01560912 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
2013-04-07 21:49 - 2013-07-10 21:32 - 16192864 _____ (Opera Software) C:\Program Files\Opera\Opera.dll
==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:888AFB86
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
==================== Faulty Device Manager Devices =============
Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft-6zu4-Adapter #3
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2013 07:34:31 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8
Error: (09/03/2013 07:34:31 PM) (Source: LoadPerf) (User: )
Description: Performance16
Error: (09/03/2013 07:34:31 PM) (Source: LoadPerf) (User: )
Description: Performance16
Error: (09/03/2013 07:28:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/03/2013 07:10:29 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8
Error: (09/03/2013 07:10:29 PM) (Source: LoadPerf) (User: )
Description: Performance16
Error: (09/03/2013 07:10:29 PM) (Source: LoadPerf) (User: )
Description: Performance16
Error: (09/03/2013 07:08:39 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel 0x4c8e2d72, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065ccb6, Ausnahmecode 0x0000046b, Fehleroffset 0x0003fc16,
Prozess-ID 0x12dc, Anwendungsstartzeit wmplayer.exe0.
Error: (09/03/2013 07:06:40 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung FlashPlayerUpdateService.exe, Version 11.6.602.180, Zeitstempel 0x51a4ab8c, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x0004881b,
Prozess-ID 0x1750, Anwendungsstartzeit FlashPlayerUpdateService.exe0.
Error: (09/03/2013 07:05:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/03/2013 07:33:46 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
Error: (09/03/2013 07:28:23 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (09/03/2013 07:24:21 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Error: (09/03/2013 07:19:44 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Error: (09/03/2013 07:14:37 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Error: (09/03/2013 07:13:52 PM) (Source: Service Control Manager) (User: )
Description: XAudioService1
Error: (09/03/2013 07:05:21 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (09/03/2013 06:16:37 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (09/03/2013 06:15:22 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 03.09.2013 um 16:02:09 unerwartet heruntergefahren.
Error: (09/03/2013 04:01:09 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 03.09.2013 um 14:27:24 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-02 20:57:28.486
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-02 20:57:28.182
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-02 20:57:06.282
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\jmdp\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-02 20:57:05.820
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\jmdp\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-02-05 00:10:31.122
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-02-05 00:10:30.905
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-08-13 22:56:14.821
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-08-13 22:56:14.646
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-07-11 20:45:38.007
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wbload.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-07-11 18:15:21.837
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\wbload.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 3066.12 MB
Available physical RAM: 1519.09 MB
Total Pagefile: 6336.56 MB
Available Pagefile: 4803.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.64 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:4.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:24.45 GB) NTFS
Drive g: (LEXAR) (Removable) (Total:3.73 GB) (Free:2.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 18C07842)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================ |