Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Werbefenster öffnet sich im Firefox (https://www.trojaner-board.de/147750-werbefenster-oeffnet-firefox.html)

antifa 10.01.2014 22:26
Werbefenster öffnet sich im Firefox
 
Hallo Leute,
folgendes Problem tritt bei mir auf.
Firefox öffnet selbstständig ein neues Fenster in dem Werbung abgespielt wird, bei diesem gibt es keine Schaltflächen anzuklicken. Weiters, wenn eine von mir angewählte Seite geöffnet ist, wird diese nicht korrekt angezeigt. Sie ist z.b. von Werbeeinschaltungen oder Scanwarnungen unterbrochen. Ebenfalls sind bestimmte Keywörter hervorgehoben und mit links unterlegt.
Leider finde ich die aviralogs nicht :headbang: so habe ich sie ebenfalls als code eingefügt.
Hoffe das geht so in Ordnung.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014
Ran by User at 2014-01-10 20:53:05
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
7-Zip 9.20 (x32 Version:  - )
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer System Information (x32 Version: 1.0.0 - Acer)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (x32 Version:  - ArcSoft)
ArcSoft Print Creations (x32 Version: 3.0.255.407 - ArcSoft)
ArcSoft TotalMedia HDCam (x32 Version:  - ArcSoft)
ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900 - APN, LLC)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battlefield 1942™ (x32 Version: 1.6.20.0 - Electronic Arts)
Black ICE Mk VII r1046 (x32 Version: Mk VII r1046 - Panzeroo, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon MP550 series MP Drivers (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Darkest Hour: Europe '44-'45 (x32 Version:  - Darkest Hour Team)
Dota 2 (x32 Version:  - Valve)
Dungeons & Dragons Online® (x32 Version:  - )
EA Download Manager (x32 Version: 6.0.4.10 - Electronic Arts, Inc.)
Enhanced Wheel Mouse V 1.7.1 (x32 Version:  - )
Europa Universalis III (x32 Version:  - )
FIFA 13 (x32 Version: 1.7.0.0 - Electronic Arts)
FIFA 14 (x32 Version: 1.0.0.4 - Electronic Arts)
FormatFactory 3.0.1 (x32 Version: 3.0.1 - Free Time)
Free RAR Extract Frog (x32 Version: 2.10 - Philipp Winterberg)
FUSSBALL MANAGER 13 (x32 Version: 1.0.3.0 - Electronic Arts)
Gary Grigsby's War in the East (x32 Version: 1.04.36 - Matrix Games)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hearts of Iron III (x32 Version:  - )
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (x32 Version: 2.0.2 - TrendMicro)
Hotkey Utility (x32 Version: 1.00.3004 - Acer Incorporated)
iCloud (Version: 1.1.0.40 - Apple Inc.)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel)
Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (x32 Version: 12.0.0.1013 - Intel Corporation)
iTunes (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMicron Technology Corp.)
KeyRocket (HKCU Version: 1.1.0.3185 - Veodin)
Logitech Gaming Software 8.12 (Version: 8.12.030 - Logitech Inc.)
Men of War: Red Tide (Nur entfernen) (x32 Version: 1.0.0.1 - 1C Company)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MobileWiFi (x32 Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mp3tag v2.43 (x32 Version: v2.43 - Florian Heidenreich)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
My Driver Updater v3.0 (x32 Version: 3.0 - Large Software)
MyFreeCodec (HKCU Version:  - )
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA PhysX (x32 Version: 9.10.0224 - NVIDIA Corporation)
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Patrizier 4 (x32 Version: 1.3.0 - Kalypso Media)
PDF To Excel Converter V2.0 (x32 Version:  - hxxp://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PokerStars (x32 Version:  - PokerStars)
Presto! PVR (x32 Version: 5.40.02 - NewSoft)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (x32 Version: 0.992 - Even Balance, Inc.)
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Railroad Tycoon 3 (x32 Version: 1.0 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad (x32 Version:  - Tripwire)
Red Orchestra 2: Heroes of Stalingrad Beta (x32 Version:  - )
Red Orchestra: Ostfront 41-45 (x32 Version:  - Tripwire Interactive)
RedOrchestra SDK Beta (x32 Version:  - Tripwire Interactive)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scratch Live 1.9.2 (19222) (x32 Version: 1.9.2 - Serato Audio Research)
SearchAnonymizer (Version: 1.0.1 (de) - )
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Silent Hunter III (x32 Version:  - Ubisoft)
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION
Steam (x32 Version: 1.0.0.0 - Valve)
Steganos Safe 14 (x32 Version: 14.1 - Steganos Software GmbH)
Stronghold Kingdoms (x32 Version:  - Firefly Studios Ltd)
Trojan Killer (x32 Version: 2.2.0.0 - Gridinsoft LLC)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
tvBuddy (Version: 1.1.0 - MEKmedia GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technologie (Version: 1.0.115.11 - Intel)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Player (x32 Version: 1.1 - Video Player)
VLC media player 1.1.10 (x32 Version: 1.1.10 - VideoLAN)
watchmi (x32 Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Webexp Enhanced (x32 Version: 1.1 - Webexp Enhanced) <==== ATTENTION
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinUHA 2.0 RC1 (2005.02.27) (x32 Version:  - Klaimsoft)
WinZip 17.5 (Version: 17.5.10562 - WinZip Computing, S.L. )
Xfire (remove only) (x32 Version:  - )
YTD Video Downloader 4.0 (x32 Version: 4.0 - GreenTree Applications SRL)

==================== Restore Points  =========================

25-12-2013 23:09:29 Geplanter Prüfpunkt
29-12-2013 10:26:58 Wiederherstellungsvorgang
06-01-2014 22:39:09 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {037EC25A-E3DF-4BD3-8FC7-A6A4F634B48D} - System32\Tasks\{FC2E36A9-4BA1-4D36-B29A-CBEA385148FC} => E:\setup.exe [2010-07-29] ()
Task: {0511720D-368C-4C0C-B219-597505C6FDD3} - System32\Tasks\{3E937DC1-F5F9-4258-AB7C-75F03C68A065} => E:\setup.exe [2010-07-29] ()
Task: {0B759516-C788-4E8C-8C8F-23E65618ADE4} - System32\Tasks\{46327B71-3519-4F9F-ADC5-675F0592D76F} => E:\setup.exe [2010-07-29] ()
Task: {2BE8B792-8678-4181-971B-3FADEE599F74} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-12-10] (TuneUp Software)
Task: {34E6C70E-A5BD-4310-B350-6735840D591A} - System32\Tasks\{9891C0AE-A4E7-488F-8C5C-B293EB0EC2E9} => E:\setup.exe [2010-07-29] ()
Task: {3B860BBE-E828-4E6B-A525-2DE61133BA82} - System32\Tasks\{D260A612-DF67-4487-8EF0-B3C9E6142DF7} => E:\setup.exe [2010-07-29] ()
Task: {44953FBD-6561-4CAB-9718-3049EA8DAC85} - System32\Tasks\{71A2B46F-9907-4812-9E6A-8BB75C60C507} => E:\setup.exe [2010-07-29] ()
Task: {48BA27C1-8693-4D82-A652-BBD173AB1831} - System32\Tasks\{83FF96F8-59FD-428A-A328-42BCCC699916} => E:\setup.exe [2010-07-29] ()
Task: {5409807B-CADC-4084-B6BE-6311FEE19FBA} - System32\Tasks\{7BEE57FA-A916-4FED-AB17-EAE8E8731B81} => E:\setup.exe [2010-07-29] ()
Task: {5C88B78C-F4F7-438E-943A-7B1BDD2D2D48} - System32\Tasks\{0A4E5DFA-1C7C-44F9-A95B-BD12C0170181} => E:\setup.exe [2010-07-29] ()
Task: {616CE764-D890-4780-9AF4-E7268D3BF75A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6D1452B2-7AB9-48C6-889B-3C82AFD40FC1} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {6D2BAD29-79B8-4C79-9685-031BAC4D06DE} - System32\Tasks\{3ACF0099-9471-4307-A3AE-697CE99F1807} => E:\setup.exe [2010-07-29] ()
Task: {6E587766-8D03-429F-A865-EF12113416E0} - System32\Tasks\{12CC13A6-A8B4-4ED3-BCD0-A76B951447EB} => C:\Users\User\Desktop\docula_1.4.2.exe
Task: {70D12DB2-6DFC-4069-9488-764E88C7943C} - System32\Tasks\{5C3A79E7-FD88-4105-B853-1A35FD0E04F4} => E:\setup.exe [2010-07-29] ()
Task: {7C74F272-52F2-41E9-944C-6C3A95FB4BC5} - System32\Tasks\{0E1882D2-49D9-45AF-B4CD-06F456BF021D} => E:\setup.exe [2010-07-29] ()
Task: {7C855793-0093-409D-B435-CEB311628387} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {80C483AC-CD5D-4340-993C-4ADA71427006} - System32\Tasks\{7C0BB836-BAE2-41D9-95F8-50D0BFCB15F1} => E:\setup.exe [2010-07-29] ()
Task: {84787B00-9C0E-48E4-AD5E-2D3DAE595DA8} - System32\Tasks\{127BFB5E-AFC7-4DD9-AF67-FC53383EB646} => E:\setup.exe [2010-07-29] ()
Task: {8AA4CA44-8FA8-456B-B71B-1A7346904FD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9251A992-8FB4-46DE-A6B0-3510FF695728} - System32\Tasks\{FEB2D5CB-C27B-476E-8B0D-74CB957E0972} => E:\setup.exe [2010-07-29] ()
Task: {941A857E-EDE3-4C2A-AFBE-F533752EF8E1} - System32\Tasks\{4D5E49AB-077C-4CD5-BDFC-904CD4D8F707} => E:\setup.exe [2010-07-29] ()
Task: {AA915C61-2492-4229-95AC-2756009DCCC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {B7C0A2BE-A9B4-453D-9231-DA226BED8789} - System32\Tasks\{152CC412-26DF-444C-8A0F-3F032C335705} => E:\setup.exe [2010-07-29] ()
Task: {BC78EC34-CD65-4E45-8A95-8B03FF5AE7FA} - System32\Tasks\{9F4B3EB1-B092-4EF1-BAB2-BC9D8FAC011F} => E:\setup.exe [2010-07-29] ()
Task: {C19126C8-4302-405F-A717-73BB1221C43C} - System32\Tasks\{1F555623-59C6-461C-BBFB-45B9CDAF949E} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {C25ED4B6-13AE-4D05-8DCA-BE94150EA698} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {C8456ED2-BFFE-485B-8AF0-01E52D57BD5A} - System32\Tasks\{21AFF277-0441-41C7-9CAF-46955FF3518D} => E:\setup.exe [2010-07-29] ()
Task: {C87E8480-91C7-46B8-96DE-D828B8F95D51} - System32\Tasks\{76FA9C47-6582-4AC6-8FBF-05F639673C7B} => E:\setup.exe [2010-07-29] ()
Task: {CD7B7E49-73F0-4BAB-A252-1428277D5952} - System32\Tasks\{C197E3FA-9DBD-43D9-AB0D-846A731E8591} => E:\setup.exe [2010-07-29] ()
Task: {CE7BAF67-5AFB-4DF6-BFB3-9F5657EBE3B2} - System32\Tasks\{17F959C1-13D3-46DE-8396-69D81F9D0450} => E:\setup.exe [2010-07-29] ()
Task: {D165AEB1-8779-42E3-A36F-DEB89C7E3C78} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04] (Egis Technology Inc.)
Task: {D5B0A6A2-71AB-483E-8F26-C0E1AEA4F9D4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {E0EB90D6-6282-44E5-ACC8-A6298FD95CCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {E7BEF584-A19C-4D02-9337-9AFEFCBB90F9} - System32\Tasks\{5A22E025-4C32-4070-910D-2CE134510836} => E:\setup.exe [2010-07-29] ()
Task: {FB043AC2-D4DC-4780-BA96-86A4188FD61A} - System32\Tasks\AmiUpdXp => C:\Users\User\AppData\Local\SwvUpdater\Updater.exe [2013-10-17] (Amonetizé Ltd) <==== ATTENTION
Task: {FF2BA9EB-62FD-4E3B-BEE8-35E25E452249} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\User\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-02 19:15 - 2011-12-02 19:15 - 00118784 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00705536 _____ () C:\Program Files\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00123904 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00125952 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00098304 _____ () C:\Program Files\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00272384 _____ () C:\Program Files\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00297984 _____ () C:\Program Files\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00034304 _____ () C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll
2013-07-31 11:41 - 2013-07-31 11:41 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2012-12-13 10:28 - 2007-08-24 14:59 - 00030016 _____ () C:\Program Files (x86)\Enhanced Wheel Mouse\MouFilt.dll
2012-12-13 10:28 - 2007-08-24 14:59 - 00054592 _____ () C:\Program Files (x86)\Enhanced Wheel Mouse\UsbDesc.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-12-14 17:48 - 2013-12-14 17:48 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\0998b7edc9ead7e597cf9aac6a1940d7\PSIClient.ni.dll
2013-12-20 12:46 - 2013-12-20 12:46 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 07:23 - 2013-12-11 07:23 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:7FB6A46D
AlternateDataStreams: C:\ProgramData\Temp:8173A019
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Elan 4D Mouse Filter
Description: Elan 4D Mouse Filter
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Elan 4D Mouse Filter
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2014 09:47:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24308793

Error: (01/10/2014 09:47:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24308793

Error: (01/10/2014 09:47:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2014 09:47:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24293879

Error: (01/10/2014 09:47:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24293879

Error: (01/10/2014 09:47:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2014 09:46:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24283630

Error: (01/10/2014 09:46:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24283630

Error: (01/10/2014 09:46:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2014 09:46:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24273630


System errors:
=============
Error: (01/10/2014 06:15:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/10/2014 06:15:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/10/2014 07:26:49 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 06:11:04 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 05:40:49 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 04:50:05 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 04:19:49 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 03:32:20 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/10/2014 03:02:15 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/09/2014 09:51:58 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.


Microsoft Office Sessions:
=========================
Error: (08/13/2013 06:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 134 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/22/2013 07:00:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 03:15:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 03:14:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/30/2011 04:17:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/30/2011 04:16:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 110 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2011-07-13 12:14:03.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-07-13 12:14:02.957
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 14:08:40.146
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 14:08:40.130
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 14:08:38.820
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 14:08:38.804
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 03:28:59.772
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 03:28:59.772
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 03:28:59.382
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-23 03:28:59.366
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4055.06 MB
Available physical RAM: 2217.8 MB
Total Pagefile: 8108.3 MB
Available Pagefile: 5682.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:133.98 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:438.66 GB) NTFS
Drive e: (Patrician IV) (CDROM) (Total:2.99 GB) (Free:0 GB) UDF
Drive f: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:540.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C5BA9D19)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by User (administrator) on USER-PC on 10-01-2014 20:51:55
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
() C:\Program Files (x86)\Enhanced Wheel Mouse\MouCon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] - C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-08-31] (OCS)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-03-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [My Driver Updater] - C:\Program Files (x86)\Large Software\My Driver Updater\MDULauncher.exe [388240 2012-03-06] (Large Software)
HKCU\...\Run: [] - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [SAFE14 Browser Monitor] - C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: E - E:\Autorun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: H - H:\AutoRun.exe
MountPoints2: K - K:\AutoRun.exe
MountPoints2: L - L:\AutoRun.exe
MountPoints2: {01bae5c6-5321-11df-b5a3-90fba647330b} - L:\AutoRun.exe
MountPoints2: {01bae5d1-5321-11df-b5a3-90fba647330b} - L:\AutoRun.exe
MountPoints2: {0bcb1cb0-450d-11e2-a95c-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {267f2fe3-c36b-11e1-bd11-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {37c9b069-2ee5-11e3-81db-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {3cfa638b-39be-11df-8fed-90fba647330b} - L:\AutoRun.exe
MountPoints2: {401f27e4-2ee9-11e3-9c50-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {401f2822-2ee9-11e3-9c50-90fba647330b} - F:\AutoRun.exe
MountPoints2: {4adda77b-46a0-11e2-be49-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {6a9e531a-1b8a-11e3-b890-90fba647330b} - H:\AutoRun.exe
MountPoints2: {7b2b407e-165a-11df-8415-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {808a3182-39bb-11df-8c81-90fba647330b} - L:\AutoRun.exe
MountPoints2: {82eae830-9601-11e1-ac0a-90fba647330b} - F:\AutoRun.exe
MountPoints2: {aadd18b3-a4f0-11e1-9499-90fba647330b} - F:\AutoRun.exe
MountPoints2: {c1bcea7d-5ca9-11df-968d-90fba647330b} - K:\AutoRun.exe
MountPoints2: {c1bcea8a-5ca9-11df-968d-90fba647330b} - K:\AutoRun.exe
MountPoints2: {c23580f3-a109-11e2-903b-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {d865a7c3-4291-11e2-b3b7-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {e72f9652-74f1-11e2-91c1-806e6f6e6963} - H:\AutoRun.exe
MountPoints2: {eac33148-5d42-11e3-b9a2-90fba647330b} - F:\AutoRun.exe
MountPoints2: {f0ad4680-b384-11e1-b60c-90fba647330b} - F:\AutoRun.exe
MountPoints2: {f9e56348-6a06-11e2-825b-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {f9e5634f-6a06-11e2-825b-c43dc7bc097f} - F:\AutoRun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\postgres\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:    [ ] ()
AppInit_DLLs-x32:    [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_m5811&r=17360310m905pe426v185w4491u28o
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&q={searchTerms}&installDate=13/12/2013
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://google.at/
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&installDate={installDate}&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RSS Icon In Awesombar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF Extension: Better-Surf - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha422.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta321.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff

Chrome:
=======
CHR Extension: (BittorrentBar_DE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.0.1.4_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [bikgopnjkdkacjcldjgbonccfdibbafc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ch\WebexpEnhancedV1alpha422.crx
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\User\AppData\Local\Temp\crx1FF4.tmp
CHR HKLM-x32\...\Chrome\Extension: [lbaimmpbelciohjddmihnhmbbgjbpecj] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ch\VideoPlayerV3beta321.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-31] ()
S4 SearchAnonymizer; C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-08-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 elanmouf; C:\Windows\System32\DRIVERS\elanmouf.sys [16512 2008-06-04] (Windows (R) Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24344 2012-03-12] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-12-02] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-23] ()
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 20:51 - 2014-01-10 20:52 - 00019565 _____ C:\Users\User\Downloads\FRST.txt
2014-01-10 20:51 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-10 20:50 - 2014-01-10 20:51 - 01932166 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000470 _____ C:\Users\User\Downloads\defogger_disable.log
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-20 17:52 - 2013-12-20 17:52 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 17:22 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 17:22 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 17:21 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 17:21 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 17:21 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 17:21 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 17:21 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 17:21 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 17:21 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 17:21 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 17:21 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 17:21 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 17:21 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 17:21 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 17:21 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 17:21 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 17:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 17:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 17:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 17:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 17:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 17:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 17:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 17:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 17:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 17:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 17:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 17:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 17:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 17:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:08 - 2013-12-10 18:43 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-12-14 11:08 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-12-14 10:50 - 2013-12-14 11:24 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2013-12-13 01:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip
2013-12-11 07:23 - 2013-12-11 07:23 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-01-10 20:52 - 2014-01-10 20:51 - 00019565 _____ C:\Users\User\Downloads\FRST.txt
2014-01-10 20:51 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-10 20:51 - 2014-01-10 20:50 - 01932166 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000470 _____ C:\Users\User\Downloads\defogger_disable.log
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 20:44 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 20:44 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 20:40 - 2010-02-10 16:44 - 01876192 _____ C:\Windows\WindowsUpdate.log
2014-01-10 20:36 - 2013-10-17 15:45 - 00000352 _____ C:\Windows\Tasks\AmiUpdXp.job
2014-01-10 20:36 - 2013-10-07 02:37 - 00012691 _____ C:\Windows\setupact.log
2014-01-10 20:36 - 2010-03-27 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 20:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 20:23 - 2012-04-04 22:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 20:20 - 2011-04-19 11:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 20:12 - 2010-03-27 18:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 18:27 - 2011-09-17 06:50 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-10 18:27 - 2011-09-17 06:40 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-10 18:16 - 2011-09-17 06:40 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-10 18:09 - 2013-09-25 23:02 - 00000000 ____D C:\Users\User\Documents\FIFA 14
2014-01-10 16:51 - 2013-05-21 12:06 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-10 14:37 - 2013-06-16 01:29 - 00000000 ____D C:\Users\User\AppData\Local\PokerStars
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-09 10:32 - 2010-02-04 22:10 - 00714610 _____ C:\Windows\system32\perfh007.dat
2014-01-09 10:32 - 2010-02-04 22:10 - 00156044 _____ C:\Windows\system32\perfc007.dat
2014-01-09 10:32 - 2009-07-14 06:13 - 01662242 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 10:26 - 2013-10-07 02:36 - 00108916 _____ C:\Windows\PFRO.log
2014-01-09 01:31 - 2010-03-27 18:14 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2013-12-31 07:15 - 2013-11-28 20:09 - 00004096 _____ C:\Users\Public\Documents\00001726.LCS
2013-12-29 11:30 - 2013-07-05 14:50 - 00000000 ____D C:\Users\postgres
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-21 06:36 - 2012-05-25 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 17:52 - 2013-12-20 17:52 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 11:37 - 2011-02-24 15:05 - 01635586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 02:13 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 17:26 - 2013-10-07 02:37 - 00442232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 17:22 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 17:20 - 2013-07-24 17:19 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 17:18 - 2010-03-27 18:16 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:24 - 2013-12-14 10:50 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 11:08 - 2012-12-10 07:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:32 - 2013-11-17 02:52 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-14 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2013-12-13 01:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-12-13 01:02 - 2013-07-04 19:23 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 00:54 - 2011-12-15 18:26 - 00000000 ____D C:\ProgramData\eMule
2013-12-12 13:29 - 2013-07-31 17:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-12 13:29 - 2013-07-31 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-12 13:29 - 2013-07-31 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 07:23 - 2013-12-11 07:23 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 07:23 - 2012-04-04 22:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 07:23 - 2012-04-04 22:11 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 07:23 - 2011-07-02 01:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000004.@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000008.@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\000000cb.@

Files to move or delete:
====================
C:\ProgramData\31g7.pad
C:\ProgramData\7g13.dat
C:\ProgramData\z7_0ytr.pad
C:\ProgramData\zak_lo0i7g.pad
C:\Users\User\AppData\Roaming\skype.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Setup1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 04:46

==================== End Of Log ============================
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-10 21:30:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 ATA_____ rev.0A01 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                              fffff800035af000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                              fffff800035af02f 17 bytes {ADD [RAX], AL; SHL BYTE [RAX-0x57ff455], 0xff; JMP QWORD [RAX-0x7ff45461]}

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000074c31465 2 bytes [C3, 74]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074c314bb 2 bytes [C3, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000074c31465 2 bytes [C3, 74]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074c314bb 2 bytes [C3, 74]
.text    ...                                                                                                                                              * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                          0000000072d31a22 2 bytes [D3, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                          0000000072d31ad0 2 bytes [D3, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                          0000000072d31b08 2 bytes [D3, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                          0000000072d31bba 2 bytes [D3, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                          0000000072d31bda 2 bytes [D3, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000074c31465 2 bytes [C3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000074c314bb 2 bytes [C3, 74]
.text    ...                                                                                                                                              * 2
.text    D:\Kies\External\FirmwareUpdate\KiesPDLR.exe[3496] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                  00000000770b000c 1 byte [C3]
.text    D:\Kies\External\FirmwareUpdate\KiesPDLR.exe[3496] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                              000000007713f8ea 5 bytes JMP 00000001770ed5c1

---- EOF - GMER 2.1 ----
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:48 on 10/01/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Die Datei 'C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ie\VideoPlayerV3beta321.dll'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59690712.qua' verschoben!

In der Datei 'C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ie\VideoPlayerV3beta321.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ie\VideoPlayerV3beta321.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ie\WebexpEnhancedV1alpha422.dll'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57fa3de8.qua' verschoben!

In der Datei 'C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ie\WebexpEnhancedV1alpha422.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha422\ie\WebexpEnhancedV1alpha422.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d00ea93.qua' verschoben!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}> wurde erfolgreich repariert.

In der Datei 'C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js'
enthielt einen Virus oder unerwünschtes Programm 'JS/Redirect.GV' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a22ba37.qua' verschoben!

In der Datei 'C:\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js'
wurde ein Virus oder unerwünschtes Programm 'JS/Redirect.GV' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Users\User\AppData\Local\Temp\BetterSurfPlusInstaller.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/BetterSurf.A.4' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a74b6c8.qua' verschoben!

In der Datei 'C:\Users\User\AppData\Local\Temp\BetterSurfPlusInstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BetterSurf.A.3' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Besten Dank im Voraus!

aharonov 10.01.2014 23:16
Hallo,

mach bitte das:


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    SearchAnonymizer
    Software Version Updater
    Webexp Enhanced
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 4

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

antifa 12.01.2014 01:42
Hi aharonov!

Vielen Dank für die rasche Antwort! :applaus:

Folgende Fehlermeldungen sind im laufe des Prozesses aufgetreten.

Vorsicht Combofix nur von oben genannten Seiten herunterladen, sonst möglicherweise unrein!
Zur Sicherheit jetzige Kopie löschen und neu laden!

Habe ich nicht getan sondern bin weiter vorgegeangen.

Während des Scanvorganges von Cobofix:
47 Meldungen NIRKMD konnte nicht gefunden werden möglicherweise falsche schreibweise

\Device\HarddiskVolume2\BootBCD
Restore ja oder nein
Ja gewählt

Nach Neustart

NircmdB.exe nicht efunden

Line 11538 (File "C:\User\User\Downloads\FRST64.exe)
Error Variable used without being declared

10 Meldungen NIRKMD konnte nicht gefunden werden möglicherweise falsche schreibweise

Line 11538 (File "C:\User\User\Downloads\FRST64.exe)
Error Variable used without being declared

Habe FRST neu heruntergeladen und gleiche Meldung wie oben erhalten. :killpc:

FRST scan konnte nicht durchgeführt werden

Hoffe meine Logfiles ohne RFST helfen dir und dadurch in weitererfolge vorallem mir weiter! :glaskugel:

Code:
# AdwCleaner v3.016 - Bericht erstellt am 12/01/2014 um 00:36:04
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\BetterSurf
Ordner Gelöscht : C:\Program Files (x86)\Better-Surf
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\ConduitCommon
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
[!] Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader34177_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader34177_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_docula_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_docula_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_excel-kassenbuch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_excel-kassenbuch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fifa-11-patch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fifa-11-patch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-rar-extract-frog_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-rar-extract-frog_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_regcleaner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_regcleaner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player(1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player(1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [My Driver Updater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\prefs.js ]

Zeile gelöscht : user_pref("CT2849855..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2849855.AppTrackingLastCheckTime", "Sun Aug 21 2011 21:04:37 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Zeile gelöscht : user_pref("CT2849855.CTID", "CT2849855");
Zeile gelöscht : user_pref("CT2849855.CurrentServerDate", "10-12-2011");
Zeile gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Sat Dec 10 2011 13:12:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 501);
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Zeile gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Zeile gelöscht : user_pref("CT2849855.FirstServerDate", "11-8-2011");
Zeile gelöscht : user_pref("CT2849855.FirstTime", true);
Zeile gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", false);
Zeile gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2849855.HomePageProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2849855.Initialize", true);
Zeile gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2849855.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2849855.InstalledDate", "Thu Aug 11 2011 19:51:19 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT2849855.IsGrouping", false);
Zeile gelöscht : user_pref("CT2849855.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2849855.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2849855.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Fri Dec 09 2011 19:46:31 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.5.0.12", "Mon Aug 15 2011 19:38:56 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 24 2011 09:44:04 GMT+0200");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:00:37 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.8.0.8", "Fri Dec 09 2011 23:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.LastLogin_3.8.1.0", "Sat Dec 10 2011 11:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.LatestVersion", "3.8.1.0");
Zeile gelöscht : user_pref("CT2849855.Locale", "de");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2849855.OriginalFirstVersion", "3.5.0.12");
Zeile gelöscht : user_pref("CT2849855.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2849855.SearchEngineBeforeUnload", "Ask.com");
Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=");
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Fri Dec 09 2011 19:46:29 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2849855.SearchProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Sat Dec 10 2011 11:07:31 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1321973040");
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Fri Dec 02 2011 16:29:24 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657");
Zeile gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Zeile gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2849855.UserID", "UN61042847600066468");
Zeile gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2849855.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2849855.WeatherPollDate", "Sat Dec 10 2011 13:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D31283323242B4953542E594E513E27402A2B3230453C47323B3C5564606A436E6366533C553F4447445A515C7D7D7E7C6973722173745[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6E73726E7474");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737575747978747A7A242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e31;cj><ed:jmi%peh", "247E61393F236B25747877732A212C6E414F444D327A344A48515046565955315C5154413843266358535B5659534C354E7B7E5148533673766458415A485C535E6B6F766[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444D327A344F4849524E562F5A4F523F364124504C56624730493B4B424D305C5D66523B5443564D586A696D79697C6C6049296[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078325348553D494B2D57573C333E215E534E5651544E47304928284C434E315D5E67533C5544574E59666A715D466560437120[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g>d", "696968413D6B71457A447676772047484E77254F2321542A5328222B58252E2D2C2A5D2D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "6C6E3C706C7141417A707574477975484D7E22224F");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6E73726D6E73747172");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2849855.backendstorage.cbfirsttime", "5765642053657020323820323031312031343A33313A323120474D542B30323030");
Zeile gelöscht : user_pref("CT2849855.backendstorage.url_history", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F67726F7570732F3138323736393638353039373832322F6D656D626572732F");
Zeile gelöscht : user_pref("CT2849855.backendstorage.url_history_time", "31333139323637343436373437");
Zeile gelöscht : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Dec 10 2011 11:07:32 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2849855.initDone", true);
Zeile gelöscht : user_pref("CT2849855.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2849855.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2849855.oldAppsList", "129349796699187955,129349796699500456,1000234,129349796699656708,1000034,129431553514219224,129349796699969211,129349796701375473,129349796701375474,129349796701531[...]
Zeile gelöscht : user_pref("CT2849855.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2849855.testingCtid", "");
Zeile gelöscht : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sun Nov 27 2011 02:21:46 GMT+0100");
Zeile gelöscht : user_pref("CT2849855.usagesFlag", 2);
Zeile gelöscht : user_pref("CT3031783..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT3031783..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT3031783..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT3031783.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT3031783.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT3031783.AppTrackingLastCheckTime", "Sat Oct 01 2011 13:01:28 GMT+0200");
Zeile gelöscht : user_pref("CT3031783.BrowserCompStateIsOpen_8610255194464392783", true);
Zeile gelöscht : user_pref("CT3031783.CTID", "CT3031783");
Zeile gelöscht : user_pref("CT3031783.CurrentServerDate", "10-12-2011");
Zeile gelöscht : user_pref("CT3031783.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT3031783.DialogsGetterLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT3031783.EMailNotifierPollDate", "Sat Dec 10 2011 13:12:31 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.FirstServerDate", "31-8-2011");
Zeile gelöscht : user_pref("CT3031783.FirstTime", true);
Zeile gelöscht : user_pref("CT3031783.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT3031783.FixPageNotFoundErrors", false);
Zeile gelöscht : user_pref("CT3031783.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT3031783.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT3031783.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT3031783.HomePageProtectorEnabled", false);
Zeile gelöscht : user_pref("CT3031783.HomepageBeforeUnload", "hxxp://www.google.at/webhp?rls=ig");
Zeile gelöscht : user_pref("CT3031783.Initialize", true);
Zeile gelöscht : user_pref("CT3031783.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT3031783.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT3031783.InstallationId", "CT3031783_Softonic-Austria_.exe");
Zeile gelöscht : user_pref("CT3031783.InstallationType", "ConduitIntegration");
Zeile gelöscht : user_pref("CT3031783.InstalledDate", "Wed Aug 31 2011 14:02:31 GMT+0200");
Zeile gelöscht : user_pref("CT3031783.InvalidateCache", false);
Zeile gelöscht : user_pref("CT3031783.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT3031783.IsGrouping", false);
Zeile gelöscht : user_pref("CT3031783.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT3031783.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT3031783.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT3031783.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT3031783.LanguagePackLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT3031783.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT3031783.LastLogin_3.6.0.10", "Tue Sep 27 2011 20:46:02 GMT+0200");
Zeile gelöscht : user_pref("CT3031783.LastLogin_3.7.0.6", "Mon Nov 07 2011 21:57:09 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.LastLogin_3.8.0.8", "Fri Dec 09 2011 23:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.LastLogin_3.8.1.0", "Sat Dec 10 2011 11:07:31 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.LatestVersion", "3.8.1.0");
Zeile gelöscht : user_pref("CT3031783.Locale", "de");
Zeile gelöscht : user_pref("CT3031783.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT3031783.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT3031783.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT3031783.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT3031783.OriginalFirstVersion", "3.6.0.10");
Zeile gelöscht : user_pref("CT3031783.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT3031783.RadioLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT3031783.RadioLastUpdateServer", "3");
Zeile gelöscht : user_pref("CT3031783.RadioMediaID", "9962");
Zeile gelöscht : user_pref("CT3031783.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT3031783.RadioMenuSelectedID", "EBRadioMenu_CT30317839962");
Zeile gelöscht : user_pref("CT3031783.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT3031783.RadioStationName", "California%20Rock");
Zeile gelöscht : user_pref("CT3031783.RadioStationURL", "hxxp://feedlive.net/california.asx");
Zeile gelöscht : user_pref("CT3031783.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT3031783.SearchEngineBeforeUnload", "Ask.com");
Zeile gelöscht : user_pref("CT3031783.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT3031783.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031783&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT3031783.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT3031783.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT3031783.SearchInNewTabLastCheckTime", "Fri Dec 09 2011 19:46:29 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT3031783.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT3031783.SearchProtectorEnabled", false);
Zeile gelöscht : user_pref("CT3031783.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT3031783.ServiceMapLastCheckTime", "Fri Dec 09 2011 19:46:29 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.SettingsLastCheckTime", "Sat Dec 10 2011 11:07:30 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.SettingsLastUpdate", "1318850809");
Zeile gelöscht : user_pref("CT3031783.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT3031783.ThirdPartyComponentsLastCheck", "Sun Nov 27 2011 02:21:43 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.ThirdPartyComponentsLastUpdate", "1255344657");
Zeile gelöscht : user_pref("CT3031783.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT3031783.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3031783");
Zeile gelöscht : user_pref("CT3031783.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT3031783.UserID", "UN12093664628972664");
Zeile gelöscht : user_pref("CT3031783.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT3031783.alertChannelId", "1423362");
Zeile gelöscht : user_pref("CT3031783.backendstorage.facebook_mode", "32");
Zeile gelöscht : user_pref("CT3031783.backendstorage.facebook_user_locale", "6465");
Zeile gelöscht : user_pref("CT3031783.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT3031783.globalFirstTimeInfoLastCheckTime", "Sat Dec 10 2011 11:07:31 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT3031783.initDone", true);
Zeile gelöscht : user_pref("CT3031783.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT3031783.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("CT3031783.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT3031783.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT3031783.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT3031783.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT3031783.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT3031783.oldAppsList", "129524549382877183,129524549383316610,111,978563551247984904,2171321229651947494,8271149597905693169,1656053352181998190,129524549383746275,8610255194464392783,1295[...]
Zeile gelöscht : user_pref("CT3031783.revertSettingsEnabled", false);
Zeile gelöscht : user_pref("CT3031783.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT3031783.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT3031783.testingCtid", "");
Zeile gelöscht : user_pref("CT3031783.toolbarAppMetaDataLastCheckTime", "Fri Dec 09 2011 19:46:29 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.toolbarContextMenuLastCheckTime", "Wed Nov 30 2011 07:25:57 GMT+0100");
Zeile gelöscht : user_pref("CT3031783.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855", "\"1321973041\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3031783/CT3031783", "\"1318850810\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/AT", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1423362/1419017/AT", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", "\"1319527335\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3031783", "\"1311757724\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855", "\"93602d2a60e927e3ca51f1ad15996f04\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3031783", "\"93602d2a60e927e3ca51f1ad15996f04\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=CT2849855", "\"1321973041\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3031783&octid=CT3031783", "\"1318850810\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634515953213470000\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"07bb177151bafb3279d86644950b67e1\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\User\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ae8kv44d.default\\conduitCommon\\modules\\3.8.1.0");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=CT2849855", "744x663");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.10/gadget.html", "409x469");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_25c97dd0", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2849855,CT3031783");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855,CT3031783");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855,CT3031783");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "0bc7ed10-0b0b-4e35-9b01-efb9196e26b1");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3031783");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 09 2011 19:46:31 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 09 2011 19:46:37 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 09 2011 19:46:30 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "c9d2d39d-3f10-4d5a-a415-d330305b3d5b");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=AT&userid=fc495aa5-5103-2a32-ea3f-a67d0f1e7362&searchtype=ds&installDate={installDate}&q=");

-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [46907 octets] - [12/01/2014 00:35:10]
AdwCleaner[S0].txt - [45424 octets] - [12/01/2014 00:36:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [45485 octets] ##########
Code:
ComboFix 14-01-08.03 - User 12.01.2014  0:53.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4055.2169 [GMT 1:00]
ausgeführt von:: c:\users\User\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WebexpEnhancedV1
c:\programdata\TEMP
c:\users\User\AppData\Local\assembly\tmp
c:\users\User\AppData\Roaming\.#
.
.
.
c:\windows\system32\sfcfiles.dll . . . fehlt!!
.
c:\windows\system32\drivers\null.sys . . . fehlt!!
.
c:\windows\system32\drivers\afd.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndis.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndisuio.sys . . . fehlt!!
.
c:\windows\system32\drivers\netbios.sys . . . fehlt!!
.
c:\windows\system32\drivers\usbehci.sys . . . fehlt!!
.
c:\windows\system32\drivers\intelppm.sys . . . fehlt!!
.
c:\windows\system32\drivers\tcpip.sys . . . fehlt!!
.
c:\windows\system32\drivers\netbt.sys . . . fehlt!!
.
c:\windows\system32\drivers\asyncmac.sys . . . fehlt!!
.
c:\windows\system32\drivers\cdrom.sys . . . fehlt!!
.
c:\windows\system32\drivers\Serial.sys . . . fehlt!!
.
c:\windows\system32\drivers\ndproxy.sys . . . fehlt!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . fehlt!!
.
c:\windows\system32\drivers\i8042prt.sys . . . fehlt!!
.
c:\windows\system32\drivers\ipsec.sys . . . fehlt!!
.
c:\windows\system32\drivers\psched.sys . . . fehlt!!
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SessionEnv
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-12 bis 2014-01-12  ))))))))))))))))))))))))))))))
.
.
2014-01-11 23:33 . 2014-01-11 23:36        --------        d-----w-        C:\AdwCleaner
2014-01-11 23:26 . 2014-01-11 23:26        --------        d-----w-        c:\windows\system32\IO
2014-01-10 19:51 . 2014-01-10 19:51        --------        d-----w-        C:\FRST
2014-01-10 01:52 . 2014-01-10 01:52        --------        d-----w-        c:\program files (x86)\VideoPlayerV3
2013-12-14 16:22 . 2013-05-10 05:56        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2013-12-14 16:22 . 2013-05-10 03:48        164864        ----a-w-        c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-14 16:17 . 2013-11-23 17:47        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-12-14 16:17 . 2013-10-30 02:32        335360        ----a-w-        c:\windows\system32\msieftp.dll
2013-12-14 16:17 . 2013-10-30 01:24        3155968        ----a-w-        c:\windows\system32\win32k.sys
2013-12-14 16:17 . 2013-11-12 02:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-12-14 16:17 . 2013-10-19 02:18        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2013-12-14 16:17 . 2013-10-04 02:16        116736        ----a-w-        c:\windows\system32\drivers\drmk.sys
2013-12-14 16:17 . 2013-10-04 01:36        230400        ----a-w-        c:\windows\system32\drivers\portcls.sys
2013-12-14 16:17 . 2013-10-12 02:32        150016        ----a-w-        c:\windows\system32\wshom.ocx
2013-12-14 16:17 . 2013-10-12 02:31        202752        ----a-w-        c:\windows\system32\scrrun.dll
2013-12-14 16:17 . 2013-10-12 01:33        156160        ----a-w-        c:\windows\system32\cscript.exe
2013-12-14 16:17 . 2013-10-12 01:33        168960        ----a-w-        c:\windows\system32\wscript.exe
2013-12-14 10:08 . 2013-12-10 17:43        26936        ----a-w-        c:\windows\system32\authuitu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 12:29 . 2013-07-31 16:47        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-12-12 12:29 . 2013-07-31 10:41        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-12-12 12:29 . 2013-07-31 10:41        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-12-10 17:43 . 2012-12-10 06:31        35640        ----a-w-        c:\windows\system32\TURegOpt.exe
2013-12-10 17:43 . 2012-12-10 06:52        38200        ----a-w-        c:\windows\system32\uxtuneup.dll
2013-11-19 13:44 . 2013-11-19 13:44        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 13:44 . 2013-11-19 13:44        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-11-19 13:44 . 2013-11-19 13:44        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-11-19 13:44 . 2013-11-19 13:44        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 13:44 . 2013-11-19 13:44        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 13:44 . 2013-11-19 13:44        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-11-19 13:44 . 2013-11-19 13:44        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-11-19 13:44 . 2013-11-19 13:44        413696        ----a-w-        c:\windows\system32\html.iec
2013-11-19 13:44 . 2013-11-19 13:44        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 13:44 . 2013-11-19 13:44        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-11-19 13:44 . 2013-11-19 13:44        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-11-19 13:44 . 2013-11-19 13:44        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-11-19 13:44 . 2013-11-19 13:44        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-11-19 13:44 . 2013-11-19 13:44        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-11-19 13:44 . 2013-11-19 13:44        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-11-19 13:44 . 2013-11-19 13:44        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-11-19 13:44 . 2013-11-19 13:44        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-11-19 13:44 . 2013-11-19 13:44        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-11-19 13:44 . 2013-11-19 13:44        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-11-19 13:44 . 2013-11-19 13:44        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-11-19 13:28 . 2013-07-31 10:41        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-11-13 15:05 . 2013-11-13 15:05        16640        ----a-w-        c:\windows\system32\drivers\gtkdrv.sys
2013-10-16 13:00 . 2010-05-29 23:30        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-10-16 13:00 . 2010-06-02 11:30        824144        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[7] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[7] 2013-08-29 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[7] 2013-08-29 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2013-08-29 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[7] 2013-08-02 . 0F3ACFF7F3D87C319F7894EF7155609B . 3973056 . . [6.1.7601.22411] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntkrnlpa.exe
[7] 2013-08-02 . 1A9E4EE88B31750E5CA207424143F99C . 3968960 . . [6.1.7601.18229] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntkrnlpa.exe
[7] 2013-07-09 . DD5F17D44E9966E7EA447AE8C4D12D6C . 3968960 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntkrnlpa.exe
[7] 2013-07-08 . 16A6C242C9B4DCA5A0B0FB7A95A75D70 . 3973056 . . [6.1.7601.22379] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntkrnlpa.exe
[7] 2013-03-19 . B02D4E4A4EBEF9E33488969DF6E9BC22 . 3958120 . . [6.1.7600.17273] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntkrnlpa.exe
[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[7] 2013-03-19 . 448A0336B56C2E927AAE8E903C721800 . 3971432 . . [6.1.7600.21490] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntkrnlpa.exe
[7] 2013-03-19 . 3DFCBEEE97DF8BBAA749CAACFC9C43E1 . 3972440 . . [6.1.7601.22280] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[7] 2013-01-05 . 4FC77400373F727993B96CD2AD5C94CC . 3957608 . . [6.1.7600.17207] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntkrnlpa.exe
[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[7] 2013-01-05 . 291E9950A38F49A5C0BBC097C6D1A07D . 3970920 . . [6.1.7600.21417] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntkrnlpa.exe
[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[7] 2012-08-30 . 543F90836EFEB1CCE1DC547EF94CABAC . 3971440 . . [6.1.7600.21315] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntkrnlpa.exe
[7] 2012-08-30 . 31805BFA4DC62A55D1C2193237DECC0F . 3958128 . . [6.1.7600.17118] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntkrnlpa.exe
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[7] 2012-05-04 . 406FC11EC77CD41740E6C4A7DE2BE627 . 3958128 . . [6.1.7600.17017] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17017_none_6c544b52153c391c\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[7] 2012-05-04 . B8B8ED76D2C7F85F343A284E1DD19B9A . 3970928 . . [6.1.7600.21207] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21207_none_6ce8b9ef2e51ba1c\ntkrnlpa.exe
[7] 2012-04-02 . 9D19079820928D72A5708A668B5B62AE . 3958128 . . [6.1.7600.16988] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[7] 2012-03-31 . C6D1D128DE4148E35B6C04B6892EB71A . 3970928 . . [6.1.7600.21179] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 06EF177FE7FEBB1314E42F568FCB55A3 . 3958128 . . [6.1.7600.16973] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntkrnlpa.exe
[7] 2012-03-06 . 3B237D98A0DFC9395C7D97E33AA38ACF . 3971440 . . [6.1.7600.21163] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2011-11-19 . 31C59B0CA08B1203E35D2BA19319279E . 3968368 . . [6.1.7601.17727] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
[7] 2011-11-19 . 0B77AC2B94DFE3297B7462E7966ABA42 . 3957616 . . [6.1.7600.16917] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe
[7] 2011-11-19 . AC9FBC2847286AD78232EC9C66E28CA7 . 3971440 . . [6.1.7600.21094] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe
[7] 2011-11-19 . 2EDA0DCCF5F00CDB91A9ECBE45CB0B3D . 3971440 . . [6.1.7601.21863] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe
[7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe
[7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe
[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
[7] 2010-06-19 . 05288B088C0DFAC60D6BCF878FC32B60 . 3955080 . . [6.1.7600.16617] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe
[7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
[7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
c:\windows\System32\drivers\atapi.sys ... Fehlt !!
c:\windows\System32\drivers\asyncmac.sys ... Fehlt !!
c:\windows\System32\drivers\beep.sys ... Fehlt !!
c:\windows\System32\drivers\kbdclass.sys ... Fehlt !!
c:\windows\System32\drivers\ndis.sys ... Fehlt !!
c:\windows\System32\drivers\ntfs.sys ... Fehlt !!
c:\windows\System32\drivers\null.sys ... Fehlt !!
c:\windows\System32\drivers\tcpip.sys ... Fehlt !!
c:\windows\System32\browser.dll ... Fehlt !!
c:\windows\System32\lsass.exe ... Fehlt !!
c:\windows\System32\netman.dll ... Fehlt !!
c:\windows\System32\qmgr.dll ... Fehlt !!
c:\windows\System32\rpcss.dll ... Fehlt !!
c:\windows\System32\services.exe ... Fehlt !!
c:\windows\System32\spoolsv.exe ... Fehlt !!
c:\windows\System32\winlogon.exe ... Fehlt !!
c:\windows\System32\wuauclt.exe ... Fehlt !!
c:\windows\System32\drivers\ipsec.sys ... Fehlt !!
c:\windows\System32\eventlog.dll ... Fehlt !!
c:\windows\System32\sfcfiles.dll ... Fehlt !!
c:\windows\System32\drivers\ipsec.sys ... Fehlt !!
c:\windows\System32\regsvc.dll ... Fehlt !!
c:\windows\System32\schedsvc.dll ... Fehlt !!
c:\windows\System32\ssdpsrv.dll ... Fehlt !!
c:\windows\System32\termsrv.dll ... Fehlt !!
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2012-01-04 08:58        442880        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAFE14 Browser Monitor"="c:\program files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" [2013-05-16 73216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-12 56088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Steganos HotKeys"="c:\program files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" [2013-05-16 103424]
"SAFE14 File Redirection Starter"="c:\program files (x86)\Steganos Safe 14\fredirstarter.exe" [2013-05-16 17408]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MouCon.lnk - c:\program files (x86)\Enhanced Wheel Mouse\MouCon.exe [2012-12-13 60536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EA Core"="k:\spiele\Electronic Arts\EADM\Core.exe" -silent
"KiesAirMessage"=d:\kies\KiesAirMessage.exe -startup
"KiesPreload"=d:\kies\Kies.exe /preload
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"KiesTrayAgent"=d:\kies\KiesTrayAgent.exe
.
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]
R0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]
R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]
R0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]
R0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys --> c:\windows\system32\DRIVERS\iaStorA.sys [?]
R0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys --> c:\windows\system32\DRIVERS\iaStorF.sys [?]
R0 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]
R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]
R0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]
R0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamischer Volume-Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
R1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys --> c:\windows\system32\DRIVERS\blbdrive.sys [?]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys --> c:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys --> c:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]
R1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\SleeN1864.sys [24.07.2012 09:39 108648]
R1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]
R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys --> c:\windows\system32\drivers\acedrv11.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [31.07.2013 11:41 440376]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [31.07.2013 11:41 1011768]
R2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [23.10.2013 20:52 166352]
R2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 00:19 20992]
R2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 00:19 20992]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
R2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe -k GPSvcGroup [14.07.2009 00:19 20992]
R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [28.08.2009 10:38 1150496]
R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [14.03.2011 16:27 346976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13.12.2012 11:06 7168]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe --> c:\windows\system32\IProsetMonitor.exe [?]
R2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe -k NetSvcs [14.07.2009 00:19 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]
R2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]
R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
R2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 00:19 20992]
R2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe -k NetworkService [14.07.2009 00:19 20992]
R2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [13.08.2009 00:04 62208]
R2 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]
R2 Power;Stromversorgung;c:\windows\system32\svchost.exe -k DcomLaunch [14.07.2009 00:19 20992]
R2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
R2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe -k RPCSS [14.07.2009 00:19 20992]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [10.12.2013 18:43 2409272]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys --> c:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [10.02.2010 16:54 2314240]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [18.11.2009 22:54 240160]
R2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [14.12.2009 03:19 76320]
R2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]
R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys --> c:\windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys --> c:\windows\system32\drivers\CompositeBus.sys [?]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys --> c:\windows\system32\DRIVERS\e1k62x64.sys [?]
R3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
R3 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys --> c:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 00:19 20992]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
R3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys --> c:\windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys --> c:\windows\system32\drivers\LGVirHid.sys [?]
R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]
R3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]
R3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]
R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe -k SDRSVC [14.07.2009 00:19 20992]
R3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [19.09.2012 10:50 11880]
R3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]
R3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys --> c:\windows\system32\drivers\umbus.sys [?]
R3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys --> c:\windows\system32\DRIVERS\vwifibus.sys [?]
R3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [11.09.2013 19:39 124088]
S3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys --> c:\windows\system32\DRIVERS\adp94xx.sys [?]
S3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys --> c:\windows\system32\DRIVERS\adpahci.sys [?]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys --> c:\windows\system32\DRIVERS\amdsbs.sys [?]
S3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
S3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys --> c:\windows\system32\DRIVERS\arcsas.sys [?]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys --> c:\windows\system32\DRIVERS\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys --> c:\windows\system32\DRIVERS\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys --> c:\windows\system32\DRIVERS\BrFiltUp.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]
S3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys --> c:\windows\system32\DRIVERS\circlass.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [13.07.2009 21:37 89920]
S3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe -k defragsvc [14.07.2009 00:19 20992]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys --> c:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys --> c:\windows\system32\DRIVERS\evbda.sys [?]
S3 elanmouf;Elan 4D Mouse Filter Driver;c:\windows\system32\DRIVERS\elanmouf.sys --> c:\windows\system32\DRIVERS\elanmouf.sys [?]
S3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys --> c:\windows\system32\DRIVERS\elxstor.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe /V --> c:\windows\system32\IEEtwCollector.exe  [?]
S3 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]
S3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [14.07.2009 00:19 20992]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys --> c:\windows\system32\DRIVERS\LGSHidFilt.Sys [?]
S3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys --> c:\windows\system32\DRIVERS\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys --> c:\windows\system32\DRIVERS\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys --> c:\windows\system32\DRIVERS\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys --> c:\windows\system32\DRIVERS\lsi_scsi.sys [?]
S3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys --> c:\windows\system32\DRIVERS\megasas.sys [?]
S3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]
S3 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]
S3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]
S3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys --> c:\windows\system32\DRIVERS\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys --> c:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys --> c:\windows\system32\DRIVERS\nfrd960.sys [?]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWOW64\perfhost.exe [14.07.2009 00:11 20992]
S3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 00:19 20992]
S3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe -k LocalServicePeerNet [14.07.2009 00:19 20992]
S3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys --> c:\windows\system32\DRIVERS\ql2300.sys [?]
S3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys --> c:\windows\system32\DRIVERS\ql40xx.sys [?]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys --> c:\windows\system32\DRIVERS\rdpbus.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys --> c:\windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]
S3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
S3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys --> c:\windows\system32\DRIVERS\sisraid4.sys [?]
S3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]
S3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys --> c:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys --> c:\windows\system32\DRIVERS\stexstor.sys [?]
S3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [14.07.2009 00:19 20992]
S3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
S3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe -k LocalService [14.07.2009 00:19 20992]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys --> c:\windows\system32\DRIVERS\gtkdrv.sys [?]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [25.02.2011 16:35 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [06.08.2009 14:17 118672]
S3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]
S3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys --> c:\windows\system32\Drivers\usbaapl64.sys [?]
S3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]
S3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys --> c:\windows\system32\DRIVERS\vsmraid.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys --> c:\windows\system32\DRIVERS\wacompen.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbengine;Blockebenen-Sicherungsmodul;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]
S3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe -k WbioSvcGroup [14.07.2009 00:19 20992]
S3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
S3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe -k wcssvc [14.07.2009 00:19 20992]
S3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys --> c:\windows\system32\DRIVERS\wd.sys [?]
S3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe -k NetworkService [14.07.2009 00:19 20992]
S3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe -k netsvcs [14.07.2009 00:19 20992]
S3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe -k WerSvcGroup [14.07.2009 00:19 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [14.07.2009 00:17 19008]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14.07.2009 00:19 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [14.07.2009 00:19 20992]
S3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [14.07.2009 00:19 20992]
S4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14.07.2009 00:19 20992]
S4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.09.2009 14:42 305448]
S4 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [31.01.2012 11:24 70144]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch        REG_MULTI_SZ          Power PlugPlay DcomLaunch
wcssvc        REG_MULTI_SZ          WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
winmgmt
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
seclogon
Themes
wercplsupport
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14        278528        ----a-w-        c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2009-07-14 01:14        44544        ----a-w-        c:\windows\SysWOW64\rundll32.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:23]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 17:30]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27 17:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.at/
FF - ExtSQL: 2013-11-17 02:52; xz123@ya456.com; c:\program files (x86)\BetterSurf\ff
FF - ExtSQL: 2013-11-26 02:52; 12x3q@3244516.com; c:\program files (x86)\Better-Surf\ff
.
.
------- Dateityp-Verknüpfung -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
AddRemove-EA Download Manager - k:\spiele\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-01-12 01:10
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-12  01:16:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-01-12 00:16
.
Vor Suchlauf: 18 Verzeichnis(se), 145.007.407.104 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 144.343.670.784 Bytes frei
.
- - End Of File - - 52F9A404E754492E1880CF9EBFEA601B

aharonov 12.01.2014 01:50
Das hat nicht wirklich gut geklappt..


Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

antifa 12.01.2014 03:22
Hi aharonov!

So weit so gut.

Frei nach Trappatoni Habe Fertig! :abklatsch:

Den Ausdruck deiner Signatur kenne ich nur aus England und finde sie daher sehr symphatisch!

So long
cheers!
Peter



Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4252041216, free: 2125905920

Downloaded database version: v2014.01.11.07
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
    01/12/2014 02:05:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Windows\Sleen1864.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\AF15BDA.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\DRIVERS\ew_jucdcecm.sys
\SystemRoot\system32\DRIVERS\ew_juextctrl.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa800bb5b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xfffffa800b901b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800be96060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b8ddb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800bea8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b8dcb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800bd6b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b8d6b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800bd41790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b8d2b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800bd3f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b8d7b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800b9ab790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa800b7e4b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004e4e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8004b11530
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004e4e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e4eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e4e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004cebc20, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8004bec7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b11530, DeviceName: \Device\00000074\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C5BA9D19

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 29360128

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 29362176  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29566976  Numsec = 961441792

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 991008768  Numsec = 962512896

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b9ab790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b9feb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b9ab790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b7e3c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b7e4b60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27E9BFE8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800bd3f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8dbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bd3f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b8a9c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8d7b60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800bd41790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8dfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bd41790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1f3040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8d2b60, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800bd6b790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8deb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bd6b790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b8c2c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8d6b60, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800bea8060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bea8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bea8060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b8dac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8dcb60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800be96060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800be96b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800be96060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b8e0c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8ddb60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa800bb5b790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8b6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bb5b790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b8fec50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b901b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\ProgramData\7g13.dat --> [Trojan.FakeMS]
Infected: C:\Users\User\AppData\Roaming\skype.dat --> [Trojan.Ransom.Gend]
Infected: C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
Infected: C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\000000cb.@ --> [Rootkit.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_29362176_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4252041216, free: 2952466432

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 4252041216, free: 2712342528

Downloaded database version: v2014.01.11.07
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
    01/12/2014 02:31:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Windows\Sleen1864.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\AF15BDA.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
\SystemRoot\system32\DRIVERS\ew_jucdcecm.sys
\SystemRoot\system32\DRIVERS\ew_juextctrl.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa800bde8790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009e\
Lower Device Object: 0xfffffa800b92eb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800bc02790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b918b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800bbd3790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xfffffa800b914b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800bbdd790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000092\
Lower Device Object: 0xfffffa800b91eb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800bbd8790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xfffffa800b8e9b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800bdea790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa800b91db60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800bbd1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xfffffa800b87cb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ab0c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8004b06060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ab0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ab0cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ab0c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a9a5c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8004b06a60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b06060, DeviceName: \Device\00000074\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C5BA9D19

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 29360128

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 29362176  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29566976  Numsec = 961441792

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 991008768  Numsec = 962512896

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800bbd1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b890b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bbd1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b893c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b87cb60, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27E9BFE8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800bdea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b7b8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bdea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b91bc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b91db60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800bbd8790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b915b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bbd8790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b916c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b8e9b60, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800bbdd790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b910b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bbdd790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b916860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b91eb60, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800bbd3790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bbd3790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b913c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b914b60, DeviceName: \Device\00000093\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800bc02790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bc02790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b913860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b918b60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa800bde8790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b962910, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800bde8790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b95ec50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800b92eb60, DeviceName: \Device\0000009e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_29362176_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

aharonov 12.01.2014 13:24
Ok, dann versuch jetzt bitte nochmals einen FRST-Scan. Lade dazu FRST frisch herunter:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


antifa 12.01.2014 14:09
Leider nicht möglich! :

Line 11538 (File "C:\User\User\Downloads\FRST64.exe)
Error Variable used without being declared
:eek:

aharonov 12.01.2014 14:24
Dann trenne bitte mal die Internetverbindung, gehe ins Verzeichnis "C:\User\User\Downloads\FRST-OlderVersion" und starte die älteste vorhandene Version von FRST (erkennbar am Erstellungsdatum).
Läuft mit dieser Version der Scan durch?
Nachdem der Scan beendet ist (oder wieder abgebrochen wurde..), kannst du die Internetverbindung wieder aktivieren.

antifa 12.01.2014 14:53
Jetzt hat es geklappt! :Boogie:

Aber leider keine Log am Desktop :confused:

gefunden!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by User (administrator) on USER-PC on 12-01-2014 14:27:53
Running from C:\Users\User\Downloads\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Enhanced Wheel Mouse\MouCon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-03-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\postgres\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RSS Icon In Awesombar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta321.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lbaimmpbelciohjddmihnhmbbgjbpecj] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ch\VideoPlayerV3beta321.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 elanmouf; C:\Windows\System32\DRIVERS\elanmouf.sys [16512 2008-06-04] (Windows (R) Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24344 2012-03-12] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-12-02] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-23] ()
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: eventsystem -> C:\Windows\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: iprip -> No ServiceDLL Path.
NETSVCx32: netman -> C:\Windows\SysWOW64\netman.dll ==> No File.
NETSVCx32: wzcsvc -> No ServiceDLL Path.
NETSVCx32: ip6fwhlp -> No ServiceDLL Path.
NETSVCx32: WmdmPmSN -> No ServiceDLL Path.
NETSVCx32: Appinfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-01-12 14:08 - 2014-01-12 14:08 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(3).exe
2014-01-12 14:06 - 2014-01-12 14:06 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-01-12 12:25 - 2014-01-12 12:25 - 02240512 _____ (Acer Inc.) C:\Users\User\Downloads\HWVendorDetection.exe
2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 02:05 - 2014-01-12 02:31 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:04 - 2014-01-12 02:49 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 02:04 - 2014-01-12 02:30 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:32 - 2014-01-12 01:32 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-01-12 01:18 - 2014-01-12 14:09 - 00011230 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 01:17 - 2014-01-12 14:27 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 00:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 00:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 00:43 - 2014-01-12 01:16 - 00000000 ____D C:\Qoobox
2014-01-12 00:42 - 2014-01-12 01:13 - 00000000 ____D C:\Windows\erdnt
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:33 - 2014-01-12 00:36 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:51 - 2014-01-12 01:17 - 00000000 ____D C:\FRST
2014-01-10 20:50 - 2014-01-12 01:17 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 17:22 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 17:22 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 17:21 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 17:21 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 17:21 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 17:21 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 17:21 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 17:21 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 17:21 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 17:21 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 17:21 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 17:21 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 17:21 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 17:21 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 17:21 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 17:21 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 17:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 17:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 17:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 17:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 17:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 17:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 17:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 17:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 17:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 17:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 17:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 17:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 17:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 17:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:08 - 2013-12-10 18:43 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-12-14 11:08 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-12-14 10:50 - 2013-12-14 11:24 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2014-01-10 22:26 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip

==================== One Month Modified Files and Folders =======

2014-01-12 14:27 - 2014-01-12 01:17 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 14:23 - 2012-04-04 22:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 14:12 - 2010-03-27 18:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 14:09 - 2014-01-12 01:18 - 00011230 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 14:08 - 2014-01-12 14:08 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(3).exe
2014-01-12 14:06 - 2014-01-12 14:06 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-01-12 13:55 - 2013-09-25 23:02 - 00000000 ____D C:\Users\User\Documents\FIFA 14
2014-01-12 12:48 - 2013-05-21 12:06 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-12 12:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:25 - 2014-01-12 12:25 - 02240512 _____ (Acer Inc.) C:\Users\User\Downloads\HWVendorDetection.exe
2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 12:15 - 2013-10-07 02:37 - 00013139 _____ C:\Windows\setupact.log
2014-01-12 12:15 - 2010-03-27 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 12:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 12:14 - 2010-02-10 16:44 - 01934810 _____ C:\Windows\WindowsUpdate.log
2014-01-12 11:50 - 2013-10-07 02:36 - 00114760 _____ C:\Windows\PFRO.log
2014-01-12 11:47 - 2012-12-13 09:26 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-12 02:49 - 2014-01-12 02:04 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 02:31 - 2014-01-12 02:05 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 02:30 - 2014-01-12 02:04 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:32 - 2014-01-12 01:32 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-01-12 01:17 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-12 01:17 - 2014-01-10 20:50 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:16 - 2014-01-12 00:43 - 00000000 ____D C:\Qoobox
2014-01-12 01:16 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-12 01:13 - 2014-01-12 00:42 - 00000000 ____D C:\Windows\erdnt
2014-01-12 01:09 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:07 - 2009-07-14 03:34 - 86245376 _____ C:\Windows\system32\config\software.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 24903680 _____ C:\Windows\system32\config\system.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:36 - 2014-01-12 00:33 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-10 22:26 - 2013-12-13 01:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 21:17 - 2011-07-13 11:14 - 00000000 ____D C:\Windows\Minidump
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 20:20 - 2011-04-19 11:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 18:27 - 2011-09-17 06:50 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-10 18:27 - 2011-09-17 06:40 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-10 18:16 - 2011-09-17 06:40 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-10 14:37 - 2013-06-16 01:29 - 00000000 ____D C:\Users\User\AppData\Local\PokerStars
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-09 10:32 - 2010-02-04 22:10 - 00714610 _____ C:\Windows\system32\perfh007.dat
2014-01-09 10:32 - 2010-02-04 22:10 - 00156044 _____ C:\Windows\system32\perfc007.dat
2014-01-09 10:32 - 2009-07-14 06:13 - 01662242 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 01:31 - 2010-03-27 18:14 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2013-12-31 07:15 - 2013-11-28 20:09 - 00004096 _____ C:\Users\Public\Documents\00001726.LCS
2013-12-29 11:30 - 2013-07-05 14:50 - 00000000 ____D C:\Users\postgres
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-21 06:36 - 2012-05-25 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 11:37 - 2011-02-24 15:05 - 01635586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 02:13 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 17:26 - 2013-10-07 02:37 - 00442232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 17:22 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 17:20 - 2013-07-24 17:19 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 17:18 - 2010-03-27 18:16 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:24 - 2013-12-14 10:50 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 11:08 - 2012-12-10 07:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-14 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2013-07-04 19:23 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 00:54 - 2011-12-15 18:26 - 00000000 ____D C:\ProgramData\eMule

ZeroAccess:
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000004.@

Files to move or delete:
====================
C:\ProgramData\31g7.pad
C:\ProgramData\z7_0ytr.pad
C:\ProgramData\zak_lo0i7g.pad


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\catchme.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 04:46

==================== End Of Log ============================
--- --- ---

--- --- ---

aharonov 12.01.2014 15:54
Da ging was in die Binsen.. Halb so wild, kriegen wir wieder hin.
Kannst du diesen FRST-Scan bitte wiederholen und alles gleich machen, ausser dass du zusätzlich den Haken bei der Addition.txt setzt:


Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

antifa 12.01.2014 17:18
Hat wieder nicht gefunkt! :twak:

Bin aber lernfähig "Internetverbindung trennen!" :pfeiff:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by User (administrator) on USER-PC on 12-01-2014 17:11:28
Running from C:\Users\User\Downloads\FRST-OlderVersion\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Enhanced Wheel Mouse\MouCon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-03-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
MountPoints2: {eac33148-5d42-11e3-b9a2-90fba647330b} - F:\AutoRun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\postgres\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RSS Icon In Awesombar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta321.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lbaimmpbelciohjddmihnhmbbgjbpecj] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ch\VideoPlayerV3beta321.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-31] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 elanmouf; C:\Windows\System32\DRIVERS\elanmouf.sys [16512 2008-06-04] (Windows (R) Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24344 2012-03-12] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-12-02] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-23] ()
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: eventsystem -> C:\Windows\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: iprip -> No ServiceDLL Path.
NETSVCx32: netman -> C:\Windows\SysWOW64\netman.dll ==> No File.
NETSVCx32: wzcsvc -> No ServiceDLL Path.
NETSVCx32: ip6fwhlp -> No ServiceDLL Path.
NETSVCx32: WmdmPmSN -> No ServiceDLL Path.
NETSVCx32: Appinfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-01-12 14:08 - 2014-01-12 14:08 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(3).exe
2014-01-12 14:06 - 2014-01-12 14:06 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-01-12 12:25 - 2014-01-12 12:25 - 02240512 _____ (Acer Inc.) C:\Users\User\Downloads\HWVendorDetection.exe
2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 02:05 - 2014-01-12 02:31 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:04 - 2014-01-12 02:49 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 02:04 - 2014-01-12 02:30 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:32 - 2014-01-12 01:32 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-01-12 01:18 - 2014-01-12 14:09 - 00011230 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 01:17 - 2014-01-12 17:10 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 00:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 00:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 00:43 - 2014-01-12 01:16 - 00000000 ____D C:\Qoobox
2014-01-12 00:42 - 2014-01-12 01:13 - 00000000 ____D C:\Windows\erdnt
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:33 - 2014-01-12 00:36 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:51 - 2014-01-12 17:10 - 00000000 ____D C:\FRST
2014-01-10 20:50 - 2014-01-12 01:17 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 17:22 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 17:22 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 17:21 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 17:21 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 17:21 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 17:21 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 17:21 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 17:21 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 17:21 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 17:21 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 17:21 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 17:21 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 17:21 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 17:21 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 17:21 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 17:21 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 17:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 17:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 17:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 17:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 17:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 17:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 17:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 17:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 17:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 17:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 17:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 17:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 17:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 17:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:08 - 2013-12-10 18:43 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-12-14 11:08 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-12-14 10:50 - 2013-12-14 11:24 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2014-01-10 22:26 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip

==================== One Month Modified Files and Folders =======

2014-01-12 17:12 - 2010-03-27 18:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 17:11 - 2010-02-10 16:44 - 01935174 _____ C:\Windows\WindowsUpdate.log
2014-01-12 17:10 - 2014-01-12 01:17 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 17:10 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-12 16:23 - 2012-04-04 22:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 15:58 - 2013-09-25 23:02 - 00000000 ____D C:\Users\User\Documents\FIFA 14
2014-01-12 15:38 - 2013-05-21 12:06 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-12 14:09 - 2014-01-12 01:18 - 00011230 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 14:08 - 2014-01-12 14:08 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(3).exe
2014-01-12 14:06 - 2014-01-12 14:06 - 02075136 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2014-01-12 12:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:25 - 2014-01-12 12:25 - 02240512 _____ (Acer Inc.) C:\Users\User\Downloads\HWVendorDetection.exe
2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 12:15 - 2013-10-07 02:37 - 00013139 _____ C:\Windows\setupact.log
2014-01-12 12:15 - 2010-03-27 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 12:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 11:50 - 2013-10-07 02:36 - 00114760 _____ C:\Windows\PFRO.log
2014-01-12 11:47 - 2012-12-13 09:26 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-12 02:49 - 2014-01-12 02:04 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 02:31 - 2014-01-12 02:05 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 02:30 - 2014-01-12 02:04 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:32 - 2014-01-12 01:32 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2014-01-12 01:17 - 2014-01-10 20:50 - 02076672 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:16 - 2014-01-12 00:43 - 00000000 ____D C:\Qoobox
2014-01-12 01:16 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-12 01:13 - 2014-01-12 00:42 - 00000000 ____D C:\Windows\erdnt
2014-01-12 01:09 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:07 - 2009-07-14 03:34 - 86245376 _____ C:\Windows\system32\config\software.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 24903680 _____ C:\Windows\system32\config\system.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:36 - 2014-01-12 00:33 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-10 22:26 - 2013-12-13 01:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 21:17 - 2011-07-13 11:14 - 00000000 ____D C:\Windows\Minidump
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 20:20 - 2011-04-19 11:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 18:27 - 2011-09-17 06:50 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-10 18:27 - 2011-09-17 06:40 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-10 18:16 - 2011-09-17 06:40 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-10 14:37 - 2013-06-16 01:29 - 00000000 ____D C:\Users\User\AppData\Local\PokerStars
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-09 10:32 - 2010-02-04 22:10 - 00714610 _____ C:\Windows\system32\perfh007.dat
2014-01-09 10:32 - 2010-02-04 22:10 - 00156044 _____ C:\Windows\system32\perfc007.dat
2014-01-09 10:32 - 2009-07-14 06:13 - 01662242 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 01:31 - 2010-03-27 18:14 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2013-12-31 07:15 - 2013-11-28 20:09 - 00004096 _____ C:\Users\Public\Documents\00001726.LCS
2013-12-29 11:30 - 2013-07-05 14:50 - 00000000 ____D C:\Users\postgres
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-29 11:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-21 06:36 - 2012-05-25 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 11:37 - 2011-02-24 15:05 - 01635586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 02:13 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 17:26 - 2013-10-07 02:37 - 00442232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 17:22 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 17:20 - 2013-07-24 17:19 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 17:18 - 2010-03-27 18:16 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:24 - 2013-12-14 10:50 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 11:08 - 2012-12-10 07:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-14 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2013-07-04 19:23 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 00:54 - 2011-12-15 18:26 - 00000000 ____D C:\ProgramData\eMule

ZeroAccess:
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000004.@

Files to move or delete:
====================
C:\ProgramData\31g7.pad
C:\ProgramData\z7_0ytr.pad
C:\ProgramData\zak_lo0i7g.pad


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\catchme.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 04:46

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2014
Ran by User at 2014-01-12 17:12:12
Running from C:\Users\User\Downloads\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
7-Zip 9.20 (x32 Version:  - )
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer System Information (x32 Version: 1.0.0 - Acer)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (x32 Version:  - ArcSoft)
ArcSoft Print Creations (x32 Version: 3.0.255.407 - ArcSoft)
ArcSoft TotalMedia HDCam (x32 Version:  - ArcSoft)
ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.6.0.1900 - APN, LLC)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battlefield 1942™ (x32 Version: 1.6.20.0 - Electronic Arts)
Black ICE Mk VII r1046 (x32 Version: Mk VII r1046 - Panzeroo, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon MP550 series MP Drivers (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Darkest Hour: Europe '44-'45 (x32 Version:  - Darkest Hour Team)
Dota 2 (x32 Version:  - Valve)
Dungeons & Dragons Online® (x32 Version:  - )
Enhanced Wheel Mouse V 1.7.1 (x32 Version:  - )
Europa Universalis III (x32 Version:  - )
FIFA 13 (x32 Version: 1.7.0.0 - Electronic Arts)
FIFA 14 (x32 Version: 1.0.0.4 - Electronic Arts)
FormatFactory 3.0.1 (x32 Version: 3.0.1 - Free Time)
Free RAR Extract Frog (x32 Version: 2.10 - Philipp Winterberg)
FUSSBALL MANAGER 13 (x32 Version: 1.0.3.0 - Electronic Arts)
Gary Grigsby's War in the East (x32 Version: 1.04.36 - Matrix Games)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hearts of Iron III (x32 Version:  - )
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (x32 Version: 2.0.2 - TrendMicro)
Hotkey Utility (x32 Version: 1.00.3004 - Acer Incorporated)
iCloud (Version: 1.1.0.40 - Apple Inc.)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel)
Intel(R) Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (x32 Version: 12.0.0.1013 - Intel Corporation)
iTunes (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 17 (x32 Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMicron Technology Corp.)
KeyRocket (HKCU Version: 1.1.0.3185 - Veodin)
Logitech Gaming Software 8.12 (Version: 8.12.030 - Logitech Inc.)
Men of War: Red Tide (Nur entfernen) (x32 Version: 1.0.0.1 - 1C Company)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MobileWiFi (x32 Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mp3tag v2.43 (x32 Version: v2.43 - Florian Heidenreich)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
My Driver Updater v3.0 (x32 Version: 3.0 - Large Software)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA PhysX (x32 Version: 9.10.0224 - NVIDIA Corporation)
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Patrizier 4 (x32 Version: 1.3.0 - Kalypso Media)
PDF To Excel Converter V2.0 (x32 Version:  - hxxp://www.PDFExcelConverter.com)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PokerStars (x32 Version:  - PokerStars)
Presto! PVR (x32 Version: 5.40.02 - NewSoft)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (x32 Version: 0.992 - Even Balance, Inc.)
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Railroad Tycoon 3 (x32 Version: 1.0 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad (x32 Version:  - Tripwire)
Red Orchestra 2: Heroes of Stalingrad Beta (x32 Version:  - )
Red Orchestra: Ostfront 41-45 (x32 Version:  - Tripwire Interactive)
RedOrchestra SDK Beta (x32 Version:  - Tripwire Interactive)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scratch Live 1.9.2 (19222) (x32 Version: 1.9.2 - Serato Audio Research)
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
Silent Hunter III (x32 Version:  - Ubisoft)
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Steam (x32 Version: 1.0.0.0 - Valve)
Steganos Safe 14 (x32 Version: 14.1 - Steganos Software GmbH)
Stronghold Kingdoms (x32 Version:  - Firefly Studios Ltd)
Trojan Killer (x32 Version: 2.2.0.0 - Gridinsoft LLC)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.179 - TuneUp Software) Hidden
tvBuddy (Version: 1.1.0 - MEKmedia GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technologie (Version: 1.0.115.11 - Intel)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Player (x32 Version: 1.1 - Video Player)
VLC media player 1.1.10 (x32 Version: 1.1.10 - VideoLAN)
watchmi (x32 Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinUHA 2.0 RC1 (2005.02.27) (x32 Version:  - Klaimsoft)
WinZip 17.5 (Version: 17.5.10562 - WinZip Computing, S.L. )
Xfire (remove only) (x32 Version:  - )

==================== Restore Points  =========================

25-12-2013 23:09:29 Geplanter Prüfpunkt
29-12-2013 10:26:58 Wiederherstellungsvorgang
06-01-2014 22:39:09 Geplanter Prüfpunkt
11-01-2014 23:49:54 ComboFix created restore point
12-01-2014 01:16:52 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {037EC25A-E3DF-4BD3-8FC7-A6A4F634B48D} - System32\Tasks\{FC2E36A9-4BA1-4D36-B29A-CBEA385148FC} => E:\setup.exe [2010-07-29] ()
Task: {0511720D-368C-4C0C-B219-597505C6FDD3} - System32\Tasks\{3E937DC1-F5F9-4258-AB7C-75F03C68A065} => E:\setup.exe [2010-07-29] ()
Task: {0B759516-C788-4E8C-8C8F-23E65618ADE4} - System32\Tasks\{46327B71-3519-4F9F-ADC5-675F0592D76F} => E:\setup.exe [2010-07-29] ()
Task: {2BE8B792-8678-4181-971B-3FADEE599F74} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-12-10] (TuneUp Software)
Task: {34E6C70E-A5BD-4310-B350-6735840D591A} - System32\Tasks\{9891C0AE-A4E7-488F-8C5C-B293EB0EC2E9} => E:\setup.exe [2010-07-29] ()
Task: {3B860BBE-E828-4E6B-A525-2DE61133BA82} - System32\Tasks\{D260A612-DF67-4487-8EF0-B3C9E6142DF7} => E:\setup.exe [2010-07-29] ()
Task: {44953FBD-6561-4CAB-9718-3049EA8DAC85} - System32\Tasks\{71A2B46F-9907-4812-9E6A-8BB75C60C507} => E:\setup.exe [2010-07-29] ()
Task: {48BA27C1-8693-4D82-A652-BBD173AB1831} - System32\Tasks\{83FF96F8-59FD-428A-A328-42BCCC699916} => E:\setup.exe [2010-07-29] ()
Task: {5409807B-CADC-4084-B6BE-6311FEE19FBA} - System32\Tasks\{7BEE57FA-A916-4FED-AB17-EAE8E8731B81} => E:\setup.exe [2010-07-29] ()
Task: {5C88B78C-F4F7-438E-943A-7B1BDD2D2D48} - System32\Tasks\{0A4E5DFA-1C7C-44F9-A95B-BD12C0170181} => E:\setup.exe [2010-07-29] ()
Task: {616CE764-D890-4780-9AF4-E7268D3BF75A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6D1452B2-7AB9-48C6-889B-3C82AFD40FC1} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {6D2BAD29-79B8-4C79-9685-031BAC4D06DE} - System32\Tasks\{3ACF0099-9471-4307-A3AE-697CE99F1807} => E:\setup.exe [2010-07-29] ()
Task: {6E587766-8D03-429F-A865-EF12113416E0} - System32\Tasks\{12CC13A6-A8B4-4ED3-BCD0-A76B951447EB} => C:\Users\User\Desktop\docula_1.4.2.exe
Task: {70D12DB2-6DFC-4069-9488-764E88C7943C} - System32\Tasks\{5C3A79E7-FD88-4105-B853-1A35FD0E04F4} => E:\setup.exe [2010-07-29] ()
Task: {7C74F272-52F2-41E9-944C-6C3A95FB4BC5} - System32\Tasks\{0E1882D2-49D9-45AF-B4CD-06F456BF021D} => E:\setup.exe [2010-07-29] ()
Task: {7C855793-0093-409D-B435-CEB311628387} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {80C483AC-CD5D-4340-993C-4ADA71427006} - System32\Tasks\{7C0BB836-BAE2-41D9-95F8-50D0BFCB15F1} => E:\setup.exe [2010-07-29] ()
Task: {84787B00-9C0E-48E4-AD5E-2D3DAE595DA8} - System32\Tasks\{127BFB5E-AFC7-4DD9-AF67-FC53383EB646} => E:\setup.exe [2010-07-29] ()
Task: {8AA4CA44-8FA8-456B-B71B-1A7346904FD4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9251A992-8FB4-46DE-A6B0-3510FF695728} - System32\Tasks\{FEB2D5CB-C27B-476E-8B0D-74CB957E0972} => E:\setup.exe [2010-07-29] ()
Task: {941A857E-EDE3-4C2A-AFBE-F533752EF8E1} - System32\Tasks\{4D5E49AB-077C-4CD5-BDFC-904CD4D8F707} => E:\setup.exe [2010-07-29] ()
Task: {AA915C61-2492-4229-95AC-2756009DCCC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {B7C0A2BE-A9B4-453D-9231-DA226BED8789} - System32\Tasks\{152CC412-26DF-444C-8A0F-3F032C335705} => E:\setup.exe [2010-07-29] ()
Task: {BC78EC34-CD65-4E45-8A95-8B03FF5AE7FA} - System32\Tasks\{9F4B3EB1-B092-4EF1-BAB2-BC9D8FAC011F} => E:\setup.exe [2010-07-29] ()
Task: {C19126C8-4302-405F-A717-73BB1221C43C} - System32\Tasks\{1F555623-59C6-461C-BBFB-45B9CDAF949E} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {C25ED4B6-13AE-4D05-8DCA-BE94150EA698} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {C8456ED2-BFFE-485B-8AF0-01E52D57BD5A} - System32\Tasks\{21AFF277-0441-41C7-9CAF-46955FF3518D} => E:\setup.exe [2010-07-29] ()
Task: {C87E8480-91C7-46B8-96DE-D828B8F95D51} - System32\Tasks\{76FA9C47-6582-4AC6-8FBF-05F639673C7B} => E:\setup.exe [2010-07-29] ()
Task: {CD7B7E49-73F0-4BAB-A252-1428277D5952} - System32\Tasks\{C197E3FA-9DBD-43D9-AB0D-846A731E8591} => E:\setup.exe [2010-07-29] ()
Task: {CE7BAF67-5AFB-4DF6-BFB3-9F5657EBE3B2} - System32\Tasks\{17F959C1-13D3-46DE-8396-69D81F9D0450} => E:\setup.exe [2010-07-29] ()
Task: {D165AEB1-8779-42E3-A36F-DEB89C7E3C78} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04] (Egis Technology Inc.)
Task: {D5B0A6A2-71AB-483E-8F26-C0E1AEA4F9D4} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {E0EB90D6-6282-44E5-ACC8-A6298FD95CCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-27] (Google Inc.)
Task: {E7BEF584-A19C-4D02-9337-9AFEFCBB90F9} - System32\Tasks\{5A22E025-4C32-4070-910D-2CE134510836} => E:\setup.exe [2010-07-29] ()
Task: {FF2BA9EB-62FD-4E3B-BEE8-35E25E452249} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-02 19:15 - 2011-12-02 19:15 - 00118784 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00705536 _____ () C:\Program Files\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00123904 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00125952 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00098304 _____ () C:\Program Files\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00272384 _____ () C:\Program Files\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00297984 _____ () C:\Program Files\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll
2011-12-02 19:15 - 2011-12-02 19:15 - 00034304 _____ () C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll
2013-07-31 11:41 - 2013-07-31 11:41 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2012-12-13 10:28 - 2007-08-24 14:59 - 00030016 _____ () C:\Program Files (x86)\Enhanced Wheel Mouse\MouFilt.dll
2012-12-13 10:28 - 2007-08-24 14:59 - 00054592 _____ () C:\Program Files (x86)\Enhanced Wheel Mouse\UsbDesc.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-12-14 17:48 - 2013-12-14 17:48 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\0998b7edc9ead7e597cf9aac6a1940d7\PSIClient.ni.dll
2013-12-20 12:46 - 2013-12-20 12:46 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 07:23 - 2013-12-11 07:23 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Elan 4D Mouse Filter
Description: Elan 4D Mouse Filter
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Elan 4D Mouse Filter
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 00:00:05 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Bestimmen des Bibliothekenspeicherorts eines der in die Scherung eingeschlossenen Benutzer durch die Windows-Sicherung. (0x81000031)"

Error: (01/12/2014 11:50:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23698455

Error: (01/12/2014 11:50:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23698455

Error: (01/12/2014 11:50:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/12/2014 11:49:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23688253

Error: (01/12/2014 11:49:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23688253

Error: (01/12/2014 11:49:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/12/2014 11:49:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23678253

Error: (01/12/2014 11:49:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23678253

Error: (01/12/2014 11:49:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/12/2014 00:13:58 PM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 10:40:34 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 10:10:19 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 09:40:04 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 09:09:49 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 08:34:19 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 07:37:04 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 07:06:49 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 06:15:35 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (01/12/2014 05:45:20 AM) (Source: volmgr) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.


Microsoft Office Sessions:
=========================
Error: (08/13/2013 06:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 134 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/22/2013 07:00:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 00:58:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 03:15:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2012 03:14:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/30/2011 04:17:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/30/2011 04:16:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 110 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-12 01:16:48.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:16:48.146
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:10:26.176
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:10:26.020
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\mbr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:07:09.774
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:07:09.587
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:07:09.399
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:07:09.212
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:06:58.963
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 01:06:58.776
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\User\AppData\Local\Temp\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4055.06 MB
Available physical RAM: 2260.94 MB
Total Pagefile: 20108.3 MB
Available Pagefile: 17475.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:132.86 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:426.95 GB) NTFS
Drive e: (Patrician IV) (CDROM) (Total:2.99 GB) (Free:0 GB) UDF
Drive g: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:541.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C5BA9D19)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================
Das scheint ein gröberes Problem zu sein! :heulen:
Oder?

Bevor ich es vergesse mein Hintergrund ist jetzt komplett schwarz und lässt sich nicht ändern!

aharonov 12.01.2014 17:44
Führe bitte eine Systemwiederherstellung aus, und zwar auf den Punkt vom 11-01-2014 23:49:54, der "ComboFix created restore point" benannt ist.

Läuft der Rechner danach wieder normal?

antifa 12.01.2014 18:01
Hi!

Wenn du mit normal den Desktophintergrund meinst dann ja!
Danke!

Der Rest ist noch unverändert.

aharonov 12.01.2014 18:09
Gut, dann jetzt nochmals ein FRST-Scan (in der bewährten funktionierenden Art und Weise ;))

antifa 12.01.2014 18:22
Deinem Wunsch entsprechend! :daumenhoc


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by User (administrator) on USER-PC on 12-01-2014 18:21:57
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
() C:\Program Files (x86)\Enhanced Wheel Mouse\MouCon.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-09-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-03-12] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [] - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKCU\...\Run: [SAFE14 Browser Monitor] - C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
MountPoints2: E - E:\Autorun.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: H - H:\AutoRun.exe
MountPoints2: K - K:\AutoRun.exe
MountPoints2: L - L:\AutoRun.exe
MountPoints2: {01bae5c6-5321-11df-b5a3-90fba647330b} - L:\AutoRun.exe
MountPoints2: {01bae5d1-5321-11df-b5a3-90fba647330b} - L:\AutoRun.exe
MountPoints2: {0bcb1cb0-450d-11e2-a95c-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {267f2fe3-c36b-11e1-bd11-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {37c9b069-2ee5-11e3-81db-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {3cfa638b-39be-11df-8fed-90fba647330b} - L:\AutoRun.exe
MountPoints2: {401f27e4-2ee9-11e3-9c50-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {401f2822-2ee9-11e3-9c50-90fba647330b} - F:\AutoRun.exe
MountPoints2: {4adda77b-46a0-11e2-be49-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {6a9e531a-1b8a-11e3-b890-90fba647330b} - H:\AutoRun.exe
MountPoints2: {7b2b407e-165a-11df-8415-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {808a3182-39bb-11df-8c81-90fba647330b} - L:\AutoRun.exe
MountPoints2: {82eae830-9601-11e1-ac0a-90fba647330b} - F:\AutoRun.exe
MountPoints2: {aadd18b3-a4f0-11e1-9499-90fba647330b} - F:\AutoRun.exe
MountPoints2: {c1bcea7d-5ca9-11df-968d-90fba647330b} - K:\AutoRun.exe
MountPoints2: {c1bcea8a-5ca9-11df-968d-90fba647330b} - K:\AutoRun.exe
MountPoints2: {c23580f3-a109-11e2-903b-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {d865a7c3-4291-11e2-b3b7-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {e72f9652-74f1-11e2-91c1-806e6f6e6963} - H:\AutoRun.exe
MountPoints2: {eac33148-5d42-11e3-b9a2-90fba647330b} - F:\AutoRun.exe
MountPoints2: {f0ad4680-b384-11e1-b60c-90fba647330b} - F:\AutoRun.exe
MountPoints2: {f9e56348-6a06-11e2-825b-c43dc7bc097f} - F:\AutoRun.exe
MountPoints2: {f9e5634f-6a06-11e2-825b-c43dc7bc097f} - F:\AutoRun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\postgres\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs:    [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_m5811&r=17360310m905pe426v185w4491u28o
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RSS Icon In Awesombar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ae8kv44d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta321.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ff

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lbaimmpbelciohjddmihnhmbbgjbpecj] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta321\ch\VideoPlayerV3beta321.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-31] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-12-10] (TuneUp Software)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 elanmouf; C:\Windows\System32\DRIVERS\elanmouf.sys [16512 2008-06-04] (Windows (R) Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24344 2012-03-12] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2011-12-02] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-23] ()
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:04 - 2014-01-12 17:58 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:18 - 2014-01-12 18:21 - 00015782 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 01:17 - 2014-01-12 17:58 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:46 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 00:46 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 00:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 00:46 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 00:44 - 2014-01-12 17:58 - 00000000 ___SD C:\ComboFix
2014-01-12 00:43 - 2014-01-12 01:16 - 00000000 ____D C:\Qoobox
2014-01-12 00:42 - 2014-01-12 17:58 - 00000000 ___SD C:\32788R22FWJFW
2014-01-12 00:42 - 2014-01-12 17:58 - 00000000 ____D C:\Windows\erdnt
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:33 - 2014-01-12 00:36 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:51 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-10 20:50 - 2014-01-10 20:51 - 01932166 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-20 12:46 - 2014-01-12 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 17:22 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 17:22 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 17:22 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 17:21 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 17:21 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 17:21 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 17:21 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 17:21 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 17:21 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 17:21 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 17:21 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 17:21 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 17:21 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 17:21 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 17:21 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 17:21 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 17:21 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 17:21 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 17:21 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 17:21 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 17:21 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 17:21 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 17:21 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 17:21 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 17:21 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 17:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 17:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 17:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 17:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 17:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 17:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 17:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 17:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 17:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 17:17 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 17:17 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 17:17 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 17:17 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 17:17 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 17:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 17:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:08 - 2013-12-10 18:43 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-12-14 11:08 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2013-12-14 10:50 - 2013-12-14 11:24 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2014-01-10 22:26 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip

==================== One Month Modified Files and Folders =======

2014-01-12 18:22 - 2014-01-12 01:18 - 00015782 _____ C:\Users\User\Downloads\FRST.txt
2014-01-12 18:12 - 2010-03-27 18:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 18:08 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 18:08 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 18:02 - 2010-02-10 16:44 - 01925619 _____ C:\Windows\WindowsUpdate.log
2014-01-12 18:00 - 2010-03-27 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 17:59 - 2013-10-07 02:37 - 00012971 _____ C:\Windows\setupact.log
2014-01-12 17:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 17:58 - 2014-01-12 02:04 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-12 17:58 - 2014-01-12 01:17 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2014-01-12 17:58 - 2014-01-12 00:44 - 00000000 ___SD C:\ComboFix
2014-01-12 17:58 - 2014-01-12 00:42 - 00000000 ___SD C:\32788R22FWJFW
2014-01-12 17:58 - 2014-01-12 00:42 - 00000000 ____D C:\Windows\erdnt
2014-01-12 17:58 - 2013-12-20 12:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-12 17:58 - 2013-09-25 23:02 - 00000000 ____D C:\Users\User\Documents\FIFA 14
2014-01-12 17:58 - 2013-07-05 14:50 - 00000000 ____D C:\Users\postgres
2014-01-12 17:58 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-12 17:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-12 17:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-12 12:25 - 2014-01-12 12:25 - 00008906 _____ C:\Users\User\AppData\Local\HWVendorDetection.log
2014-01-12 02:05 - 2014-01-12 02:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 02:03 - 2014-01-12 02:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.07.0.1008.exe
2014-01-12 01:16 - 2014-01-12 01:16 - 00060864 _____ C:\ComboFix.txt
2014-01-12 01:16 - 2014-01-12 00:43 - 00000000 ____D C:\Qoobox
2014-01-12 01:07 - 2014-01-12 01:07 - 00000021 _____ C:\Users\User\Desktop\catchme.log
2014-01-12 01:07 - 2009-07-14 03:34 - 86245376 _____ C:\Windows\system32\config\software.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 24903680 _____ C:\Windows\system32\config\system.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-12 01:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2014-01-12 01:06 - 2014-01-12 01:06 - 00000000 ____D C:\Device
2014-01-12 00:41 - 2014-01-12 00:41 - 05162489 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-01-12 00:36 - 2014-01-12 00:33 - 00000000 ____D C:\AdwCleaner
2014-01-12 00:33 - 2014-01-12 00:33 - 01233962 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-12 00:26 - 2014-01-12 00:26 - 00000000 ____D C:\Windows\system32\IO
2014-01-12 00:23 - 2012-04-04 22:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 22:26 - 2013-12-13 01:02 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2014-01-10 21:30 - 2014-01-10 21:30 - 00003815 _____ C:\Users\User\Desktop\Gmer.txt
2014-01-10 21:17 - 2014-01-10 21:17 - 677220051 _____ C:\Windows\MEMORY.DMP
2014-01-10 21:17 - 2014-01-10 21:17 - 00275544 _____ C:\Windows\Minidump\011014-19562-01.dmp
2014-01-10 21:17 - 2011-07-13 11:14 - 00000000 ____D C:\Windows\Minidump
2014-01-10 20:59 - 2014-01-10 20:59 - 00377856 _____ C:\Users\User\Downloads\gmer_2.1.19163.exe
2014-01-10 20:51 - 2014-01-10 20:51 - 00000000 ____D C:\FRST
2014-01-10 20:51 - 2014-01-10 20:50 - 01932166 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-10 20:48 - 2014-01-10 20:48 - 00000000 _____ C:\Users\User\defogger_reenable
2014-01-10 20:47 - 2014-01-10 20:47 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-10 20:20 - 2011-04-19 11:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-10 18:27 - 2011-09-17 06:50 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-10 18:27 - 2011-09-17 06:40 - 00280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-10 18:16 - 2011-09-17 06:40 - 00281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-10 16:51 - 2013-05-21 12:06 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-10 14:37 - 2013-06-16 01:29 - 00000000 ____D C:\Users\User\AppData\Local\PokerStars
2014-01-10 02:52 - 2014-01-10 02:52 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-09 10:32 - 2010-02-04 22:10 - 00714610 _____ C:\Windows\system32\perfh007.dat
2014-01-09 10:32 - 2010-02-04 22:10 - 00156044 _____ C:\Windows\system32\perfc007.dat
2014-01-09 10:32 - 2009-07-14 06:13 - 01662242 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 10:26 - 2013-10-07 02:36 - 00108916 _____ C:\Windows\PFRO.log
2014-01-09 01:31 - 2010-03-27 18:14 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2013-12-31 07:15 - 2013-11-28 20:09 - 00004096 _____ C:\Users\Public\Documents\00001726.LCS
2013-12-21 06:36 - 2012-05-25 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 11:37 - 2011-02-24 15:05 - 01635586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 02:13 - 2013-12-16 02:13 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 02:13 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 17:26 - 2013-10-07 02:37 - 00442232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 17:22 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 17:20 - 2013-07-24 17:19 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 17:18 - 2010-03-27 18:16 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:09 - 2013-12-14 13:09 - 04646635 _____ C:\Users\User\Downloads\hoi3_tfh(2).zip
2013-12-14 11:24 - 2013-12-14 10:50 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-12-14 11:08 - 2012-12-10 07:31 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
2013-12-14 10:50 - 2013-12-14 10:50 - 00000948 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-12-14 10:31 - 2013-12-14 10:31 - 00001124 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-14 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 02:37 - 2013-12-13 02:37 - 08661537 _____ C:\Users\User\Downloads\Patch-AHOI-Mod-TFH-402c.zip
2013-12-13 01:02 - 2013-07-04 19:23 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 01:01 - 2013-12-13 01:01 - 00002265 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-12-13 01:01 - 2013-12-13 01:01 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 00:54 - 2011-12-15 18:26 - 00000000 ____D C:\ProgramData\eMule

ZeroAccess:
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\@
C:\Users\User\AppData\Local\{250af3ee-cb75-2e9b-3f50-c4e07a8074a8}\U\00000004.@

Files to move or delete:
====================
C:\ProgramData\31g7.pad
C:\ProgramData\z7_0ytr.pad
C:\ProgramData\zak_lo0i7g.pad


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\Setup1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 04:46

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131