TR/ATRAPS.Gen - TR/ATRAPS.Gen2 - W32/Patched.UA - BDS/ZeroAccess.Gen

Studioliner · 12.09.2013, 19:32

Hallo als neues Forummitglied

)

ich bin nach dem Anstecken einer Externen Festplatte an meinem Laptop
Win7 HomePremium 64bit mit nem paket von Trojanern überfahren.

Der Suchlauf über Avira dauert noch an.

Ich füge im Anhang ein SnippingTool Ausschnitt bei, für die Erste Übersicht

werde dann noch anschliessent die log.txt mit hinzugeben

Danke Studioliner

schrauber · 12.09.2013, 19:42

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Studioliner · 12.09.2013, 20:19

FRST.TXT

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by xxx (administrator) on xxx-PC on 12-09-2013 20:50:38
Running from C:\Users\xxx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\system32\services.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(hxxp://simple-files.com/) C:\Program Files (x86)\SimpleFiles\SFUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Facebook Inc.) C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avscan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Policies\Explorer\Run: [Windows-Network Component] - C:\Program Files\Common Files\lsmass.exe No File
HKLM\...\Policies\Explorer\Run: [microsoft] - C:\Users\Administrator\AppData\Roaming\services.exe No File
HKLM\...\Policies\Explorer\Run: [50437] - C:\PROGRA~3\LOCALS~1\Temp\mskwity.com No File
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [icq] - C:\Users\xxx\AppData\Roaming\ICQM\icq.exe [26596344 2012-12-25] (ICQ)
HKCU\...\Run: [GoogleChromeAutoLaunch_9F44D60518B746A57FDC14E6B604CD24] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] - C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-07] (Facebook Inc.)
HKCU\...\Run: [Okgih] - C:\Users\xxx\AppData\Roaming\Hipo\muovi.exe [299520 2013-01-19] (CoreSoft Tech.)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=14A3EC55F9707079&affID=123644&tt=150713_new&tsp=4944
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=14A3EC55F9707079&affID=123644&tt=150713_new&tsp=4944
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=mkg029
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&q={searchTerms}
SearchScopes: HKLM-x32 - {40439b93-f815-4122-8073-d03bed94c303} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={A23B5A9F-4512-11E1-8555-1C7508FA594F}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss_gin2g&mntrId=14A3EC55F9707079
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - A734DC6608AF408EAFEB743A8C0FFF55 URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss_gin2g&mntrId=14A3EC55F9707079
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss_gin2g&mntrId=14A3EC55F9707079
SearchScopes: HKCU - {40439b93-f815-4122-8073-d03bed94c303} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6522B3BD-FA8B-4923-9E1C-DBCA5BBCEC6E} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {72887370-E3FF-4DE0-BACE-693059A6946B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.sweetim.com/search.asp?src=6&st=2&q={searchTerms}&barid={A23B5A9F-4512-11E1-8555-1C7508FA594F}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&q={searchTerms}
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
Toolbar: HKLM-x32 - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
Toolbar: HKLM-x32 -  No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU -  No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU -  No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Winsock: Catalog9-x64 12 mswsock.dll File Not found ()
Winsock: Catalog9-x64 13 mswsock.dll File Not found ()
Winsock: Catalog9-x64 14 mswsock.dll File Not found ()
Winsock: Catalog9-x64 15 mswsock.dll File Not found ()
Winsock: Catalog9-x64 16 mswsock.dll File Not found ()
Winsock: Catalog9-x64 17 mswsock.dll File Not found ()
Winsock: Catalog9-x64 18 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 62.134.40.59 62.134.40.58

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default
FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\xxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF Extension: Delta Toolbar - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\Extensions\ffxtlbr@delta.com
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\Extensions\toolbar_AVIRA-V7@apn.ask.com
FF Extension: toolbar_AVIRA-V7 - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files (x86)\VDownloader\Addons\FireFox
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF Extension: No Name - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Extension: SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [lrcfan@fansoft.br] - C:\Program Files (x86)\LyricsFan\FF\
FF Extension: No Name - C:\Program Files (x86)\LyricsFan\FF\
FF HKCU\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Extension: SpeedAnalysis.com - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKCU\...\Firefox\Extensions: [singalong@xenophesoft.com] - C:\Program Files (x86)\SingAlong\FF\
FF Extension: No Name - C:\Program Files (x86)\SingAlong\FF\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome: 
=======
CHR HomePage:    "homepage": null,
CHR Extension: () - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\background
CHR Extension: (Sing Along) - C:\Users\xx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.111_0
CHR Extension: (PutLockerDownloader) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci\1.0_0
CHR Extension: (SpeedAnalysis.com) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1_0
CHR Extension: (Delta Toolbar) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Smiley Bar for Facebook) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_0
CHR Extension: (RealDownloader) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Lyrics Fan) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd\1.111_0
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0
CHR Extension: (GoPhoto.it) - C:\Users\xxx~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Deejay Ceejay\AppData\Roaming\SpeedanAlysis\speedanalysis.crx
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Deejay Ceejay\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Deejay Ceejay\AppData\Roaming\StatusWinks\statuswinks.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Administrator\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [nfeonecgpoepapkmdgdmjolonaakdknd] - C:\Program Files (x86)\LyricsFan\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2663976 2013-01-25] (Iminent)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-12] (Avira Operations GmbH & Co. KG)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [232272 2012-04-10] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [253264 2012-04-10] (© Guillemot R&D, 2011. All rights reserved.)
S3 kf1avs; C:\Windows\System32\Drivers\kf1avs.sys [357968 2011-09-15] (Native Instruments GmbH)
S3 kf1usb_svc; C:\Windows\System32\Drivers\kf1usb.sys [47696 2011-09-15] (Native Instruments GmbH)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ta6avs; C:\Windows\System32\Drivers\ta6avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta6usb_svc; C:\Windows\System32\Drivers\ta6usb.sys [75856 2012-02-22] (Native Instruments GmbH)
S3 PCDSRVC{3368CD8C-AA86022B-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
S3 RL_SPIN2_PLUS; System32\Drivers\rlspinpu.sys [x]
S3 RL_SPIN2_PLUSM; system32\drivers\rlspinpm.sys [x]
S3 RL_SPIN2_PLUS_WDM; system32\drivers\rlspinpa.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 20:46 - 2013-09-12 20:47 - 01949642 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-12 16:52 - 2013-09-12 18:08 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-12 16:16 - 2013-09-12 16:16 - 00004932 _____ C:\Windows\PFRO.log
2013-09-12 16:08 - 2013-09-12 16:08 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-12 16:08 - 2013-09-12 16:08 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-12 16:07 - 2013-09-12 16:07 - 00000000 ____D C:\ProgramData\APN
2013-09-12 16:06 - 2013-09-12 16:06 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 16:03 - 2013-09-12 16:03 - 02092792 _____ C:\Users\xxx\Downloads\avira_free_4052_antivirus.exe
2013-09-10 18:33 - 2013-09-12 19:33 - 00000000 ____D C:\Program Files\Nightly
2013-09-10 06:17 - 2013-09-10 18:53 - 00003225 _____ C:\Windows\WindowsUpdate.log
2013-09-07 00:51 - 2013-09-07 00:51 - 00000000 ____D C:\Users\xxx\Documents\ICQ
2013-09-04 15:42 - 2013-09-12 18:08 - 00001176 _____ C:\Windows\setupact.log
2013-09-04 15:42 - 2013-09-04 15:42 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 19:14 - 2013-09-03 19:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Xawae
2013-09-03 19:14 - 2013-09-03 19:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Hipo
2013-09-03 19:14 - 2013-09-03 19:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ceamu
2013-09-03 14:47 - 2013-09-10 19:43 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Apple Computer
2013-09-03 14:47 - 2013-09-03 14:47 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-03 14:47 - 2013-09-03 14:47 - 00000000 ____D C:\Users\xxx\AppData\Local\Apple Computer
2013-09-03 14:47 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files\iTunes
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files\iPod
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Users\xxx\AppData\Local\Apple
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-03 14:44 - 2013-09-03 14:45 - 00000000 ____D C:\ProgramData\Apple
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files\Bonjour
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-03 14:41 - 2013-09-03 14:43 - 90889040 _____ (Apple Inc.) C:\Users\xxx\Desktop\iTunes64Setup.exe
2013-08-27 21:52 - 2013-09-10 20:10 - 00152644 _____ C:\Users\xxx\Documents\New.MMM
2013-08-25 22:15 - 2013-08-25 22:17 - 00000000 ____D C:\Users\xxx\Desktop\Originals
2013-08-25 11:57 - 2013-08-26 17:03 - 00013312 ____H C:\Users\xxx\Desktop\photothumb.db
2013-08-25 11:57 - 2013-08-25 11:57 - 00002008 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00002004 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00000999 _____ C:\Users\xxx\Desktop\PhotoScape.lnk
2013-08-20 22:31 - 2013-08-20 22:31 - 00000000 _____ C:\Windows\SysWOW64\shoBF67.tmp
2013-08-20 15:18 - 2013-08-20 15:18 - 00002922 _____ C:\Windows\System32\Tasks\{AED3EE5D-BB88-45D5-899D-2532FE72FF93}
2013-08-19 21:32 - 2013-08-19 21:32 - 00002922 _____ C:\Windows\System32\Tasks\{F3734E5E-B881-40FB-ABA8-59542C4CE7F3}
2013-08-19 21:32 - 2013-08-19 21:32 - 00002922 _____ C:\Windows\System32\Tasks\{6CC61D01-3D4B-488C-888E-ED3F85AB6519}

==================== One Month Modified Files and Folders =======

2013-09-12 20:50 - 2013-09-12 20:50 - 00000000 ____D C:\FRST
2013-09-12 20:48 - 2012-10-03 07:20 - 00000000 ___RD C:\Users\xxx\Desktop\programme
2013-09-12 20:47 - 2013-09-12 20:46 - 01949642 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-09-12 20:28 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 20:28 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 20:07 - 2013-06-04 16:47 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 20:07 - 2012-06-30 15:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 19:52 - 2013-07-07 13:47 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002UA.job
2013-09-12 19:33 - 2013-09-10 18:33 - 00000000 ____D C:\Program Files\Nightly
2013-09-12 19:25 - 2012-08-08 19:20 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500UA.job
2013-09-12 19:25 - 2012-08-08 19:20 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500Core.job
2013-09-12 18:26 - 2012-01-03 21:42 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-09-12 18:26 - 2012-01-03 21:42 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-09-12 18:26 - 2009-07-14 07:13 - 01500080 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 18:23 - 2012-09-12 17:56 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-09-12 18:22 - 2013-06-04 16:48 - 00003370 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3405161450-1228087242-1016309489-1002
2013-09-12 18:22 - 2013-06-04 16:48 - 00003252 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3405161450-1228087242-1016309489-1002
2013-09-12 18:22 - 2013-06-04 16:47 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 18:22 - 2012-01-13 20:18 - 00000000 ____D C:\ProgramData\clear.fi
2013-09-12 18:08 - 2013-09-12 16:52 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-12 18:08 - 2013-09-04 15:42 - 00001176 _____ C:\Windows\setupact.log
2013-09-12 18:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 18:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 17:51 - 2012-09-10 06:08 - 00001417 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-12 16:16 - 2013-09-12 16:16 - 00004932 _____ C:\Windows\PFRO.log
2013-09-12 16:12 - 2012-09-13 22:59 - 00000000 _RSHD C:\Users\xxx\M-25-6788-7854-2457
2013-09-12 16:10 - 2013-07-15 22:17 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-09-12 16:10 - 2013-02-28 12:04 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-09-12 16:08 - 2013-09-12 16:08 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-12 16:08 - 2013-09-12 16:08 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-12 16:07 - 2013-09-12 16:07 - 00000000 ____D C:\ProgramData\APN
2013-09-12 16:06 - 2013-09-12 16:06 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 16:06 - 2013-09-12 16:06 - 00002034 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 16:06 - 2013-06-29 11:02 - 00000000 ____D C:\ProgramData\Avira
2013-09-12 16:03 - 2013-09-12 16:03 - 02092792 _____ C:\Users\xxx\Downloads\avira_free_4052_antivirus.exe
2013-09-11 20:07 - 2012-06-30 15:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 20:07 - 2012-06-30 15:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 20:07 - 2011-12-19 19:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 20:10 - 2013-08-27 21:52 - 00152644 _____ C:\Users\xxx\Documents\New.MMM
2013-09-10 19:43 - 2013-09-03 14:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Apple Computer
2013-09-10 18:53 - 2013-09-10 06:17 - 00003225 _____ C:\Windows\WindowsUpdate.log
2013-09-10 17:58 - 2012-09-12 17:27 - 00000000 ____D C:\Users\xxx\AppData\Roaming\ICQ
2013-09-10 13:52 - 2013-07-07 13:47 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002Core.job
2013-09-09 19:51 - 2012-08-27 20:25 - 00000000 ____D C:\Program Files\VDownloader
2013-09-07 00:51 - 2013-09-07 00:51 - 00000000 ____D C:\Users\xxx\Documents\ICQ
2013-09-04 15:42 - 2013-09-04 15:42 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 06:17 - 2013-06-29 13:09 - 00000000 ____D C:\Windows\Minidump
2013-09-03 22:23 - 2012-10-25 20:12 - 00000000 ____D C:\Users\xxx\AppData\Roaming\SoftGrid Client
2013-09-03 19:15 - 2013-09-03 19:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Xawae
2013-09-03 19:14 - 2013-09-03 19:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Hipo
2013-09-03 19:14 - 2013-09-03 19:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Ceamu
2013-09-03 14:47 - 2013-09-03 14:47 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-03 14:47 - 2013-09-03 14:47 - 00000000 ____D C:\Users\xxx\AppData\Local\Apple Computer
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files\iTunes
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files\iPod
2013-09-03 14:46 - 2013-09-03 14:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Users\xxx\AppData\Local\Apple
2013-09-03 14:45 - 2013-09-03 14:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-03 14:45 - 2013-09-03 14:44 - 00000000 ____D C:\ProgramData\Apple
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files\Bonjour
2013-09-03 14:44 - 2013-09-03 14:44 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-03 14:43 - 2013-09-03 14:41 - 90889040 _____ (Apple Inc.) C:\Users\xxx\Desktop\iTunes64Setup.exe
2013-08-30 18:18 - 2012-09-17 09:28 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2013-08-29 20:57 - 2013-06-04 16:47 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Real
2013-08-29 20:57 - 2013-06-04 16:45 - 00000000 ____D C:\ProgramData\Real
2013-08-26 17:19 - 2012-11-20 17:59 - 00000000 ____D C:\Users\xxx\Desktop\flyer
2013-08-26 17:03 - 2013-08-25 11:57 - 00013312 ____H C:\Users\xxx\Desktop\photothumb.db
2013-08-25 22:17 - 2013-08-25 22:15 - 00000000 ____D C:\Users\xxx\Desktop\Originals
2013-08-25 11:57 - 2013-08-25 11:57 - 00002008 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00002004 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-25 11:57 - 2013-08-25 11:57 - 00000999 _____ C:\Users\xxx\Desktop\PhotoScape.lnk
2013-08-25 11:57 - 2012-12-11 23:17 - 00000000 ____D C:\Users\xxx\AppData\Local\Google
2013-08-25 11:57 - 2012-06-30 15:29 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-22 20:16 - 2012-12-12 00:27 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Winamp
2013-08-20 22:31 - 2013-08-20 22:31 - 00000000 _____ C:\Windows\SysWOW64\shoBF67.tmp
2013-08-20 15:18 - 2013-08-20 15:18 - 00002922 _____ C:\Windows\System32\Tasks\{AED3EE5D-BB88-45D5-899D-2532FE72FF93}
2013-08-19 21:32 - 2013-08-19 21:32 - 00002922 _____ C:\Windows\System32\Tasks\{F3734E5E-B881-40FB-ABA8-59542C4CE7F3}
2013-08-19 21:32 - 2013-08-19 21:32 - 00002922 _____ C:\Windows\System32\Tasks\{6CC61D01-3D4B-488C-888E-ED3F85AB6519}

ZeroAccess:
C:\Windows\Installer\{49971865-928c-95e1-9c8e-9e6171b9c471}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-12 14:52

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt folgt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
Ran by xxx at 2013-09-12 20:51:52
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer eRecovery Management (x32 Version: 5.00.3504)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Airline Tycoon - Deluxe (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.11 Beta1)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.812.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Bonjour (Version: 3.0.0.10)
BrowserDefender (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2011.0208.2202.39516)
Catalyst Control Center Localization All (x32 Version: 2011.0208.2202.39516)
CCC Help Chinese Standard (x32 Version: 2011.0208.2201.39516)
CCC Help Chinese Traditional (x32 Version: 2011.0208.2201.39516)
CCC Help Czech (x32 Version: 2011.0208.2201.39516)
CCC Help Danish (x32 Version: 2011.0208.2201.39516)
CCC Help Dutch (x32 Version: 2011.0208.2201.39516)
CCC Help English (x32 Version: 2011.0208.2201.39516)
CCC Help Finnish (x32 Version: 2011.0208.2201.39516)
CCC Help French (x32 Version: 2011.0208.2201.39516)
CCC Help German (x32 Version: 2011.0208.2201.39516)
CCC Help Greek (x32 Version: 2011.0208.2201.39516)
CCC Help Hungarian (x32 Version: 2011.0208.2201.39516)
CCC Help Italian (x32 Version: 2011.0208.2201.39516)
CCC Help Japanese (x32 Version: 2011.0208.2201.39516)
CCC Help Korean (x32 Version: 2011.0208.2201.39516)
CCC Help Norwegian (x32 Version: 2011.0208.2201.39516)
CCC Help Polish (x32 Version: 2011.0208.2201.39516)
CCC Help Portuguese (x32 Version: 2011.0208.2201.39516)
CCC Help Russian (x32 Version: 2011.0208.2201.39516)
CCC Help Spanish (x32 Version: 2011.0208.2201.39516)
CCC Help Swedish (x32 Version: 2011.0208.2201.39516)
CCC Help Thai (x32 Version: 2011.0208.2201.39516)
CCC Help Turkish (x32 Version: 2011.0208.2201.39516)
ccc-core-static (x32 Version: 2011.0208.2202.39516)
ccc-utility64 (Version: 2011.0208.2202.39516)
CCleaner (Version: 3.16)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Conduit Engine  (x32 Version: 6.3.8.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.21.5)
DENON DJ ASIO Driver (x32 Version: 2.2.0)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
Facebook Video Calling 1.2.0.159 (x32 Version: 1.2.159)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.32.0)
Fooz Kids (x32 Version: 3.0.8)
Fotogaléria (x32 Version: 16.4.3505.0912)
Fotogalerie (x32 Version: 16.4.3505.0912)
Fotogalerija (x32 Version: 16.4.3505.0912)
Fotogalleri (x32 Version: 16.4.3505.0912)
Fotogalleriet (x32 Version: 16.4.3505.0912)
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912)
Fotótár (x32 Version: 16.4.3505.0912)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galeria de Fotos (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galeria fotogràfica (x32 Version: 16.4.3505.0912)
Galeria fotografii (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Galerie foto (x32 Version: 16.4.3505.0912)
Galerija fotografija (x32 Version: 16.4.3505.0912)
Google Chrome (x32 Version: 29.0.1547.66)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
ICQ7.7 (x32 Version: 7.7)
Identity Card (x32 Version: 1.00.3501)
Iminent (x32 Version: 6.4.56.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Launch Manager (x32 Version: 5.1.7)
Lyrics Fan (x32)
MAGIX Content und Soundpools (x32 Version: 1.0.0.0)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0)
MAGIX Goya burnR (MSI) (x32 Version: 4.3.2.0)
MAGIX Music Maker MX Premium Download-Version (x32 Version: 18.0.0.42)
MAGIX Music Maker MX Production Suite Download-Version (Demosongs) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Einführungsvideos) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 1) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 2) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 3) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 4) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 5) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 6) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Soundpaket) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Synthesizer und Effekte) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Visuals) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (x32 Version: 18.0.1.11)
MAGIX Music Maker Techno Edition 5 (Version: 19.0.5.57)
MAGIX Music Maker Techno Edition 5 (x32 Version: 19.0.5.57)
MAGIX Music Maker Techno Edition 5 Trial Soundpools (Version: 1.0.0.0)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Native Instruments Audio 2 DJ Driver (Version: 3.0.3.696)
Native Instruments Audio 2 DJ Driver (x32)
Native Instruments Audio 4 DJ Driver (Version: 3.0.3.696)
Native Instruments Audio 4 DJ Driver (x32)
Native Instruments Audio 8 DJ Driver (Version: 3.0.3.696)
Native Instruments Audio 8 DJ Driver (x32)
Native Instruments Controller Editor (Version: 1.5.2.1142)
Native Instruments Controller Editor (x32)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Service Center (x32)
Native Instruments Traktor 2 (Version: 2.6.0.14627)
Native Instruments Traktor 2 (x32)
Native Instruments Traktor Audio 10 Driver (Version: 3.0.3.696)
Native Instruments Traktor Audio 10 Driver (x32)
Native Instruments Traktor Audio 2 Driver (Version: 3.0.3.696)
Native Instruments Traktor Audio 2 Driver (x32)
Native Instruments Traktor Audio 6 Driver (Version: 3.0.3.696)
Native Instruments Traktor Audio 6 Driver (x32)
Native Instruments Traktor Kontrol F1 Driver (Version: 3.0.2.664)
Native Instruments Traktor Kontrol F1 Driver (x32)
Native Instruments Traktor Kontrol S2 Driver (Version: 3.0.3.696)
Native Instruments Traktor Kontrol S2 Driver (x32)
Native Instruments Traktor Kontrol S4 Driver (Version: 3.0.3.696)
Native Instruments Traktor Kontrol S4 Driver (x32)
Native Instruments Traktor Kontrol X1 Driver (Version: 3.0.1.648)
Native Instruments Traktor Kontrol X1 Driver (x32)
Native Instruments Traktor Kontrol Z2 Driver (Version: 3.0.5.731)
Native Instruments Traktor Kontrol Z2 Driver (x32)
Nightly 26.0a1 (x64 en-US) (Version: 26.0a1)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
Opera 12.16 (x32 Version: 12.16.1860)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
PhotoScape (x32)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)
Pošta Windows Live (x32 Version: 16.4.3505.0912)
Power Sound Editor Free (x32)
PX Profile Update (x32 Version: 1.00.1.)
Raccolta foto (x32 Version: 16.4.3505.0912)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
SHOUTcast Source DSP 1.9.1 (remove only) (x32)
SimpleFiles (HKCU Version: 1.0.0)
simplitec simplicheck (x32 Version: 1.3.10.0)
Sing Along (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Synaptics Pointing Device Driver (Version: 15.1.6.0)
Syncrosofts Lizenz Kontrolle (x32)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 7 (x32 Version: 7.0.12979)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Valokuvavalikoima (x32 Version: 16.4.3505.0912)
VDownloader 3.9.1421
VideoPerformer (x32)
Virtual DJ Pro Full - Atomix Productions (x32)
VirtualDJ PRO Full (x32 Version: 7.0.5)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Wajam (x32 Version: 1.45)
Winamp (x32 Version: 5.623 )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
Windows Liven peruspaketti (x32 Version: 16.4.3505.0912)
Windows Liven sähköposti (x32 Version: 16.4.3505.0912)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Zylom Games Player Plugin (x32)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотогалерия (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

28-08-2013 12:26:55 Geplanter Prüfpunkt
03-09-2013 12:45:40 Installed iTunes
12-09-2013 13:31:12 Geplanter Prüfpunkt
12-09-2013 14:12:26 Avira Free Antivirus - 12.09.2013 16:12
12-09-2013 14:12:53 Avira Free Antivirus - 12.09.2013 16:12
12-09-2013 14:13:19 Avira Free Antivirus - 12.09.2013 16:13

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A83C246-ECF1-459D-A8FD-3209F5F7C6DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)
Task: {0D3FE1B2-1E92-488E-88DE-DF331D717F63} - System32\Tasks\{6CC61D01-3D4B-488C-888E-ED3F85AB6519} => F:\689342.exe
Task: {24EFB0BE-2F41-495C-8938-41948E75E021} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002Core => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)
Task: {2AD868C0-C9F9-4B72-91D0-125471B6C99D} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {31E06D4F-863B-4C1D-9889-D76BC9FC3D9E} - System32\Tasks\{2BC8C348-998D-4CC9-9BC7-F7FB2BA1E570} => F:\689342.exe
Task: {37C54554-C1E0-45B5-B7D2-F9A545970686} - System32\Tasks\{AED3EE5D-BB88-45D5-899D-2532FE72FF93} => F:\689342.exe
Task: {46D4C9D7-8C66-4225-9CC9-6AB3BB1FF031} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3405161450-1228087242-1016309489-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {47EE6043-84A6-4B1B-A547-468DB7DCD3A9} - System32\Tasks\{C6B0BEA0-2577-4D19-B4DB-B4C3107F01B9} => F:\689342.exe
Task: {49B961A8-F9FE-4C29-B7ED-A3C587911589} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)
Task: {4B2614D3-0F87-44A0-B2CD-10A12538A6ED} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3405161450-1228087242-1016309489-1002
Task: {4DD76D15-C96C-4C58-B792-3AB430EC4245} - System32\Tasks\{CC47D998-12B6-47D4-BDEA-9CE254D63F08} => C:\Program Files (x86)\Airline Tycoon First Class\AT.EXE
Task: {60B62381-3295-4910-AE8F-B5ABC10788B3} - System32\Tasks\{8A06CDD7-2B5E-4346-9991-E17629BDA9E9} => F:\689342.exe
Task: {6482F9FC-5B85-4C33-A6E0-C85D92943394} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {6C99F277-5895-407F-99D3-A08D1E271730} - System32\Tasks\{50FA1050-8D90-4312-8CC5-91775373DE78} => C:\Program Files\VDownloader\VDownloader.exe [2013-03-27] (Vitzo)
Task: {6EA258BB-1859-41CF-A8ED-09017F38A58D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {77C4CA63-BC9A-48E3-9B04-30EDA97397D5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {7A91E468-C7B4-4729-A42D-831B2E243200} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {7FC2D393-86B1-464C-A50E-DA76E89928DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500UA => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9C947B76-2B5B-430A-81E3-E12AB4491952} - System32\Tasks\{F3734E5E-B881-40FB-ABA8-59542C4CE7F3} => F:\689342.exe
Task: {9FD4FC57-5D44-458D-ACBF-98265D963236} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {B1B9EEF2-6B32-42EF-9D8E-694EECF3C292} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {CA8DC70C-8173-4A1D-839C-C6942C61E3A7} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {D93B6110-994E-4E06-89B7-397091623110} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002UA => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)
Task: {EDEC7AE9-0109-4F07-A41A-CBB1F058B6ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {F4765D10-5550-4CD6-A25E-2D45777A0568} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA3ADB18-8F4E-4844-B8CE-2D9E29C64BB6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500Core => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FB58E8FD-9794-479F-8F61-EC1CC398C50B} - System32\Tasks\EPUpdater => C:\Users\xxx\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] ()
Task: {FBDFC0D9-89FD-4184-A5A9-2E15FE7EC166} - System32\Tasks\{91104F61-9F16-4DEA-AF8C-15CB565DD168} => C:\Program Files (x86)\Airline Tycoon First Class\AT.EXE
Task: {FC22BD83-FB70-4563-8547-A3B44D99BDD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FD99D6DD-8136-4167-9439-C49C3A7E7178} - System32\Tasks\SimpleFilesUpdate => C:\Program Files (x86)\SimpleFiles\SFUpdater.exe [2013-07-15] (hxxp://simple-files.com/)
Task: {FEA1018B-8451-46EC-9650-0673B7F4067B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3405161450-1228087242-1016309489-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002Core.job => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002UA.job => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500Core.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-500UA.job => C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-12-10 01:32 - 2012-12-10 01:32 - 00244696 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00661448 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00828872 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2011-12-19 18:29 - 2010-07-29 15:26 - 00400168 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-12-19 18:29 - 2010-07-29 15:26 - 00215336 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2012-01-03 13:14 - 2011-05-02 08:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2012-01-03 13:14 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-01-03 13:14 - 2011-08-16 08:43 - 03200104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2011-06-01 11:31 - 2011-06-01 11:31 - 01070936 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4c.dll
2011-06-01 11:32 - 2011-06-01 11:32 - 00034136 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\Dolby.Interop.dll
2011-06-01 11:31 - 2011-06-01 11:31 - 00030040 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\de\pcee4c.resources.dll
2013-09-10 18:33 - 2013-09-10 18:33 - 14633472 _____ () C:\Program Files\Nightly\mozjs.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00326144 _____ (Microsoft Corporation) \\.\globalroot\systemroot\system32\mswsock.dll
2013-09-11 20:07 - 2013-09-11 20:07 - 22247304 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00326144 _____ (Microsoft Corporation) \\?\globalroot\systemroot\system32\mswsock.DLL
2013-07-15 22:17 - 2013-07-15 22:17 - 00947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Program Files (x86)\SimpleFiles\HTMLayout.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00232448 _____ (Microsoft Corporation) \\.\globalroot\systemroot\syswow64\mswsock.dll
2013-07-07 13:47 - 2013-07-07 13:47 - 00686960 ____T (Facebook Inc.) C:\Users\Deejay Ceejay\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00232448 _____ (Microsoft Corporation) \\?\globalroot\systemroot\syswow64\mswsock.DLL
2011-08-24 19:03 - 2011-08-24 19:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-06-04 21:53 - 2013-07-05 23:01 - 16192864 _____ (Opera Software) C:\Program Files (x86)\Opera\Opera.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00220632 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00534480 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00862664 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00537560 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll
2012-12-10 01:32 - 2012-12-10 01:32 - 00038360 _____ (Microsoft Corporation) C:\Users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll
2013-09-11 20:07 - 2013-09-11 20:07 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 08:52:01 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F1B1 from 96.18.87.104   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:51:04 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 46.249.163.114 :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:50:51 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 82.183.118.5   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:46:34 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 66.68.202.83   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:42:16 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 94.191.225.76  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:41:42 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 96.27.250.246  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:41:30 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F1B1 from 64.203.141.174 :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:40:54 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type F387 from 76.26.214.75   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:39:37 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type 33E9 from 187.68.75.206  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:38:55 PM) (Source: Bonjour Service) (User: )
Description: Unknown DNS packet type 3C3D from 79.52.231.241  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)


System errors:
=============
Error: (09/12/2013 06:08:37 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (09/12/2013 06:08:37 PM) (Source: Service Control Manager) (User: )
Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891

Error: (09/12/2013 06:08:37 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (09/12/2013 06:08:34 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (09/12/2013 06:08:25 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎09.‎2013 um 18:02:31 unerwartet heruntergefahren.

Error: (09/12/2013 06:05:39 PM) (Source: Service Control Manager) (User: )
Description: DHCP-Client%%1053

Error: (09/12/2013 06:05:39 PM) (Source: Service Control Manager) (User: )
Description: 30000DHCP-Client

Error: (09/12/2013 06:05:11 PM) (Source: Service Control Manager) (User: )
Description: DNS-Client%%1053

Error: (09/12/2013 06:05:11 PM) (Source: Service Control Manager) (User: )
Description: 30000DNS-Client

Error: (09/12/2013 06:05:01 PM) (Source: Service Control Manager) (User: )
Description: 1Neustart des DienstsRPC-Endpunktzuordnung%%1056


Microsoft Office Sessions:
=========================
Error: (09/12/2013 08:52:01 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F1B1 from 96.18.87.104   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:51:04 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 46.249.163.114 :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:50:51 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 82.183.118.5   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:46:34 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 66.68.202.83   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:42:16 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 94.191.225.76  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:41:42 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 96.27.250.246  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:41:30 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F1B1 from 64.203.141.174 :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:40:54 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type F387 from 76.26.214.75   :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:39:37 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type 33E9 from 187.68.75.206  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)

Error: (09/12/2013 08:38:55 PM) (Source: Bonjour Service)(User: )
Description: Unknown DNS packet type 3C3D from 79.52.231.241  :16470 to 217.72.214.98  :49152 length 988 on 0000000000000000 (ignored)


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 4077.86 MB
Available physical RAM: 1704.55 MB
Total Pagefile: 8153.91 MB
Available Pagefile: 5628.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:223.94 GB) (Free:64.37 GB) NTFS
Drive d: (DATA) (Fixed) (Total:224.14 GB) (Free:224.02 GB) NTFS
Drive f: (Elements) (Fixed) (Total:465.64 GB) (Free:36.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6D11B3FC)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=224 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

==================== End Of Log ============================

Hoffe das es so richtig ist.

Danke

schrauber · 13.09.2013, 08:48

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Studioliner · 19.09.2013, 19:06

Hallo schrauber, sry ich war anders beschäfftigt.

Ist es richtig das beim Installieren dieser Combofix.setup

mehere Toolbars (welche ich deaktiviere zum nicht instalieren)
und SpeedUpMyPc 2013 kommt?

Hab grade beim Neuaufruf deines Linkes gemerkt ..das es mich vorher zu einer dieser Downloadlink adresse führte! **hxxp://www.powerpackmm.com/ds-exe/647/357/setup.exe** so eine hinterhältigkeit!

Sodallah hier die Combofix.log

Code:

ATTFilter

ComboFix 13-09-19.01 - xxx 19.09.2013  19:35:24.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2256 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\BasicServe
c:\program files (x86)\BasicServe\basicserve.dll
c:\program files (x86)\BasicServe\basicserve.exe
c:\program files (x86)\BasicServe\uninstall.exe
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\program files (x86)\PriceGong
c:\program files (x86)\PriceGong\2.6.12\PriceGong.crx
c:\program files (x86)\PriceGong\2.6.12\PriceGongIE.dll
c:\program files (x86)\PriceGong\uninst.exe
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\chrome.manifest
c:\program files (x86)\RelevantKnowledge\components\rlxg.dll
c:\program files (x86)\RelevantKnowledge\firefox\bootstrap.js
c:\program files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files (x86)\RelevantKnowledge\firefox\harness-options.json
c:\program files (x86)\RelevantKnowledge\firefox\install.rdf
c:\program files (x86)\RelevantKnowledge\firefox\locales.json
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon\runner.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\base64.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\traceback.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\heritage.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\promise.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\dom\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\target.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\data.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\file.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\core.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\html.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\lang\functional.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\net\url.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\preferences\service.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\self.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\environment.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\globals.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\runtime.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\unload.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\common.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\events.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\timers.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\url.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\array.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\list.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\object.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\registry.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\uuid.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\browser.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\namespace.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\utils.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\dom.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\observer.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\toolkit\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\program files (x86)\RelevantKnowledge\firefox\rlnx.dll
c:\program files (x86)\RelevantKnowledge\install.rdf
c:\program files (x86)\RelevantKnowledge\nscf.dat
c:\program files (x86)\RelevantKnowledge\readme.txt
c:\program files (x86)\RelevantKnowledge\rlcm.crx
c:\program files (x86)\RelevantKnowledge\rlcm.txt
c:\program files (x86)\RelevantKnowledge\rlls.dl_
c:\program files (x86)\RelevantKnowledge\rlls.dll
c:\program files (x86)\RelevantKnowledge\rlls64.dl_
c:\program files (x86)\RelevantKnowledge\rlls64.dll
c:\program files (x86)\RelevantKnowledge\rloci.bin
c:\program files (x86)\RelevantKnowledge\rlph.dll
c:\program files (x86)\RelevantKnowledge\rlservice.ex_
c:\program files (x86)\RelevantKnowledge\rlservice.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg32.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg64.exe
c:\program files (x86)\RelevantKnowledge\rlxf.dll
c:\program files (x86)\RelevantKnowledge\unins000.dat
c:\program files (x86)\RelevantKnowledge\unins000.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\2c2c363e2e2b3a2d2c3935365f292b_c
c:\programdata\Amazon.ico
c:\programdata\BasicServe
c:\programdata\BasicServe\basicserve112.exe
c:\programdata\BasicServe\basicserve113.exe
c:\programdata\Local Settings\Temp
c:\programdata\MercadoLivre.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID -  Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\xxx\AppData\Roaming\Ceamu
c:\users\xxxx\AppData\Roaming\Ceamu\owaqo.ame
c:\users\xxx\AppData\Roaming\Hipo
c:\users\xxx\AppData\Roaming\Hipo\muovi.exe
c:\users\xxx\AppData\Roaming\Xawae
c:\users\xxx\AppData\Roaming\Xawae\imel.kir
c:\users\xxx\AppData\Roaming\Xawae\imel.tmp
c:\users\xxx\Desktop\Search.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\klog.dat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\rlls.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_RelevantKnowledge
-------\Service_WsysSvc
-------\Service_BasicServe Service
-------\Service_BasicServe Service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-19 bis 2013-09-19  ))))))))))))))))))))))))))))))
.
.
2013-09-19 17:44 . 2013-09-19 17:47	--------	d-----w-	c:\users\xxx\AppData\Roaming\Xawae
2013-09-19 17:43 . 2013-09-19 17:43	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-19 17:43 . 2013-09-19 17:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-19 16:43 . 2013-08-16 22:01	859416	----a-w-	c:\windows\system32\rlls64.dll
2013-09-19 16:28 . 2013-09-19 16:28	--------	d-----w-	c:\program files (x86)\SimilarSites
2013-09-19 16:28 . 2013-09-19 16:28	--------	d-----w-	c:\users\xxx\AppData\Roaming\SimilarSites
2013-09-19 16:28 . 2013-09-19 16:28	--------	d-----w-	c:\programdata\eSafe
2013-09-19 16:28 . 2013-09-19 17:46	--------	d-----w-	c:\program files (x86)\Desk 365
2013-09-19 16:28 . 2013-09-19 16:28	--------	d-----w-	c:\users\xxx\AppData\Roaming\Desk 365
2013-09-19 16:26 . 2013-09-19 16:47	--------	d-----w-	c:\program files (x86)\diamondata
2013-09-19 16:23 . 2013-09-19 16:23	--------	d-----w-	c:\users\xxx\AppData\Local\Programs
2013-09-14 16:41 . 2013-09-14 16:41	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-09-14 16:40 . 2013-09-14 16:40	--------	d-----w-	c:\programdata\Oracle
2013-09-14 16:40 . 2013-09-14 16:40	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 01:21 . 2013-09-14 01:21	--------	d-----w-	c:\users\xxx\AppData\Local\avgchrome
2013-09-13 18:23 . 2013-09-13 18:23	--------	d-----w-	c:\programdata\BitGuard
2013-09-13 16:43 . 2013-09-14 01:32	--------	d-----w-	c:\program files\Nightly
2013-09-12 18:50 . 2013-09-12 18:50	--------	d-----w-	C:\FRST
2013-09-12 14:08 . 2013-09-12 14:08	--------	d-----w-	c:\programdata\AskPartnerNetwork
2013-09-12 14:08 . 2013-09-12 14:08	--------	d-----w-	c:\program files (x86)\AskPartnerNetwork
2013-09-12 14:07 . 2013-09-12 14:07	--------	d-----w-	c:\programdata\APN
2013-09-03 12:47 . 2013-09-10 17:43	--------	d-----w-	c:\users\xxx\AppData\Roaming\Apple Computer
2013-09-03 12:47 . 2013-09-03 12:47	--------	d-----w-	c:\users\xxx\AppData\Local\Apple Computer
2013-09-03 12:47 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-09-03 12:46 . 2013-09-03 12:46	--------	d-----w-	c:\program files\iPod
2013-09-03 12:46 . 2013-09-03 12:46	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-03 12:46 . 2013-09-03 12:46	--------	d-----w-	c:\program files\iTunes
2013-09-03 12:46 . 2013-09-03 12:46	--------	d-----w-	c:\program files (x86)\iTunes
2013-09-03 12:46 . 2013-09-03 12:46	--------	d-----w-	c:\programdata\Apple Computer
2013-09-03 12:45 . 2013-09-03 12:45	--------	d-----w-	c:\users\xxx\AppData\Local\Apple
2013-09-03 12:45 . 2013-09-03 12:45	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-09-03 12:44 . 2013-09-03 12:44	--------	d-----w-	c:\program files\Common Files\Apple
2013-09-03 12:44 . 2013-09-03 12:44	--------	d-----w-	c:\program files\Bonjour
2013-09-03 12:44 . 2013-09-03 12:44	--------	d-----w-	c:\program files (x86)\Bonjour
2013-09-03 12:44 . 2013-09-03 12:46	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-09-03 12:44 . 2013-09-03 12:45	--------	d-----w-	c:\programdata\Apple
2013-08-20 20:31 . 2013-08-20 20:31	0	----a-w-	c:\windows\SysWow64\shoBF67.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 16:40 . 2012-11-13 00:24	868264	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-09-14 16:40 . 2012-01-13 21:23	790440	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-09-14 16:08 . 2013-05-18 09:03	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-09-14 16:08 . 2013-05-18 09:02	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-09-13 16:07 . 2012-06-30 13:26	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 16:07 . 2011-12-19 17:28	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-16 13:12 . 2012-01-13 20:00	3623592	----a-w-	c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 13:12 . 2012-01-13 20:00	143240	----a-w-	c:\program files (x86)\Common Files\ApnStub.exe
2010-01-26 09:11 . 2012-08-27 18:25	444283	----a-w-	c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{055af109-de93-4160-bcfc-7da70ecaa020}]
2013-08-31 07:49	149280	----a-w-	c:\program files (x86)\diamondata\diamondataBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02	295832	----a-w-	c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19	244328	----a-w-	c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-09 23:32	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-09 23:32	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-09 23:32	220632	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\xxx\AppData\Roaming\ICQM\icq.exe" [2012-12-25 26596344]
"GoogleChromeAutoLaunch_9F44D60518B746A57FDC14E6B604CD24"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Facebook Update"="c:\users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-07 138096]
"Desk 365"="c:\program files (x86)\Desk 365\desk365.exe" [2013-09-19 1011792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-08 336384]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-04 295512]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BitGuard\261673~1.238\{C16C1~1\BitGuard.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update diamondata;Update diamondata;c:\program files (x86)\diamondata\updatediamondata.exe;c:\program files (x86)\diamondata\updatediamondata.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 kf1avs;Kontrol F1 Midi;c:\windows\system32\Drivers\kf1avs.sys;c:\windows\SYSNATIVE\Drivers\kf1avs.sys [x]
R3 kf1usb_svc;Traktor Kontrol F1;c:\windows\system32\Drivers\kf1usb.sys;c:\windows\SYSNATIVE\Drivers\kf1usb.sys [x]
R3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys;c:\windows\SYSNATIVE\Drivers\kx1avs.sys [x]
R3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys;c:\windows\SYSNATIVE\Drivers\kx1usb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 PCDSRVC{3368CD8C-AA86022B-06020101}_0;PCDSRVC{3368CD8C-AA86022B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RL_SPIN2_PLUS;usb-audio.de driver for Reloop Spin 2+;c:\windows\system32\Drivers\rlspinpu.sys;c:\windows\SYSNATIVE\Drivers\rlspinpu.sys [x]
R3 RL_SPIN2_PLUS_WDM;Spin 2+ WDM Audio;c:\windows\system32\drivers\rlspinpa.sys;c:\windows\SYSNATIVE\drivers\rlspinpa.sys [x]
R3 RL_SPIN2_PLUSM;Spin 2+ WDM Midi Device;c:\windows\system32\drivers\rlspinpm.sys;c:\windows\SYSNATIVE\drivers\rlspinpm.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ta6avs;Traktor Audio 6 WDM Audio;c:\windows\system32\Drivers\ta6avs.sys;c:\windows\SYSNATIVE\Drivers\ta6avs.sys [x]
R3 ta6usb_svc;Traktor Audio 6;c:\windows\system32\Drivers\ta6usb.sys;c:\windows\SYSNATIVE\Drivers\ta6usb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R4 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 desksvc;Desk 365 service;c:\program files (x86)\Desk 365\deskSvc.exe;c:\program files (x86)\Desk 365\deskSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 12:07	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 16:07]
.
2013-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002Core.job
- c:\users\Deejay Ceejay\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 11:47]
.
2013-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3405161450-1228087242-1016309489-1002UA.job
- c:\users\Deejay Ceejay\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 11:47]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 14:47]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 14:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-09 23:32	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-09 23:32	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-09 23:32	244696	----a-w-	c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mDefault_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
mStart Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=ST9500325AS_5VEKJE58XXXX5VEKJE58&ts=1379608019
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&st=bs&q=
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0128adfd-282c-0a47-6b0a-46f11b018475&searchtype=ds&q={searchTerms}&installDate=19/09/2013
IE: Free YouTube to MP3 Converter - c:\users\Deejay Ceejay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 62.134.40.59 62.134.40.58
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt4&mntrId=14A3EC55F9707079&affID=123644&tt=150713_new&tsp=4944
FF - ExtSQL: 2013-07-26 22:31; toolbar_AVIRA-V7@apn.ask.com; c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF - ExtSQL: 2013-08-31 09:49; firefox@diamondata.net; c:\users\xxxy\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\firefox@diamondata.net.xpi
FF - ExtSQL: 2013-09-19 18:23; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - ExtSQL: 2013-09-19 18:43; {C7AE725D-FA5C-4027-BB4C-787EF9F8248A}; c:\program files (x86)\RelevantKnowledge\firefox
FF - ExtSQL: 2013-09-19 19:03; WebSiteRecommendation@weliketheweb.com; c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\2rvqyuzi.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - ExtSQL: !HIDDEN! 2013-03-09 06:31; speedanalysis@SpeedAnalysis.com; c:\users\xxx\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - ExtSQL: !HIDDEN! 2013-03-09 06:31; statuswinks@StatusWinks; c:\users\xxx\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 14a3c505000000000000ec55f9707079
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15901
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:17
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123644&tt=150713_new&tsp=4944
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files (x86)\PriceGong\2.6.12\PriceGongIE.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKCU-Run-Okgih - c:\users\Deejay Ceejay\AppData\Roaming\Hipo\muovi.exe
Wow6432Node-HKU-Default-Run-microsoft - Ä\services.exe
Wow6432Node-HKLM-Explorer_Run-Windows-Network Component - c:\program files\Common Files\lsmass.exe
Wow6432Node-HKLM-Explorer_Run-microsoft - c:\users\Administrator\AppData\Roaming\services.exe
Wow6432Node-HKLM-Explorer_Run-50437 - c:\progra~3\LOCALS~1\Temp\mskwity.com
Toolbar-Locked - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-{4FFDD113-2C3C-453E-845C-D5DD6DB90CEF}_is1 - c:\program files (x86)\RelevantKnowledge\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3368CD8C-AA86022B-06020101}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\nomloz3b9oge\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\SimpleFiles\SFUpdater.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-19  19:54:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-19 17:54
.
Vor Suchlauf: 9 Verzeichnis(se), 73.246.777.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 73.404.338.176 Bytes frei
.
- - End Of File - - 3CEE75CA8B79473A1B3861C4875828E6

habe allerdings mehere male die Ansage "Freeware implementation of Reg.exe" Problem Programm schliessen` gedrückt.

Da kammen noch andere Fehler mit "freeware implementation of ?xcalc.exe" oder so

Vg Studioliner

schrauber · 20.09.2013, 10:28

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

TR/ATRAPS.Gen - TR/ATRAPS.Gen2 - W32/Patched.UA - BDS/ZeroAccess.Gen

Log-Analyse und Auswertung: TR/ATRAPS.Gen - TR/ATRAPS.Gen2 - W32/Patched.UA - BDS/ZeroAccess.Gen