
Log Analysis and Evaluation: Win32/Small.CA Trojan

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
02.12.2013, 09:04   #1
Adynator
 
Win32/Small.CA Trojan



Hello,
unfortunately I noticed yesterday that I have infected my PC with Win32/Small.CA.
This seems to have been the case since November 8.

Can you please help me?

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:29 on 02/12/2013 (Ady)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Ady (administrator) on ADY-PC on 02-12-2013 08:31:09
Running from C:\Users\Ady\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conduit) C:\Users\Ady\AppData\Roaming\SearchProtect\bin\cltmng.exe
() C:\Users\Ady\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Dropbox, Inc.) C:\Users\Ady\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2103912 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26112 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SearchProtect] - C:\Users\Ady\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ady\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ady\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
MountPoints2: {2c3e1a25-edab-11e0-b071-60eb696c55a4} - E:\AutoRun.exe
MountPoints2: {3b3565a4-2b8e-11e0-a14e-60eb696c55a4} - D:\LaunchU3.exe -a
MountPoints2: {6a4bc88c-51c5-11e3-953e-60eb696c55a4} - D:\LaunchU3.exe -a
MountPoints2: {7d1f8c04-1aee-11e3-9a96-60eb696c55a4} - D:\CMADownloader.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ady\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=61&CUI=UN29891830551250210&UM=2&UP=SPA9BC7B0B-AA6A-4D99-9D28-F526E16E156F
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {95045C4C-AA64-4921-AC3F-09AE12E57C1D} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKCU - DefaultScope {95045C4C-AA64-4921-AC3F-09AE12E57C1D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN29891830551250210&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=4F4D4BB4-01C2-4A0E-A67B-FEF42A2091AC&apn_sauid=7789383B-3692-4899-8D23-151EE853B5E7
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {95045C4C-AA64-4921-AC3F-09AE12E57C1D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN29891830551250210&UM=2
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3A0D520D-4C29-477C-A87F-9669C664783F}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default
FF DefaultSearchEngine: Hotspot Shield Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Hotspot Shield Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT1561552&CUI=UN29750838858176193&UM=1&SearchSource=13&UP=SPA9BC7B0B-AA6A-4D99-9D28-F526E16E156F
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN29750838858176193&UM=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ady\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ady\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask Toolbar - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\toolbar@ask.com
FF Extension: ICQ Toolbar - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Hotspot Shield  - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF Extension: ciuvo-extension - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: testpilot - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Adblock Plus - C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\s9dzfhdc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com

==================== Services (Whitelisted) =================

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-02] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-02] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-02] ()
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14237 2013-07-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com))
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-06] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-02] (AnchorFree Inc.)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [0 2009-07-14] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 08:31 - 2013-12-02 08:31 - 00021419 _____ C:\Users\Ady\Desktop\FRST.txt
2013-12-02 08:31 - 2013-12-02 08:31 - 00000000 ____D C:\FRST
2013-12-02 08:30 - 2013-12-02 08:30 - 01959184 _____ (Farbar) C:\Users\Ady\Desktop\FRST64.exe
2013-12-02 08:29 - 2013-12-02 08:29 - 00000468 _____ C:\Users\Ady\Desktop\defogger_disable.log
2013-12-02 08:29 - 2013-12-02 08:29 - 00000000 _____ C:\Users\Ady\defogger_reenable
2013-12-02 08:28 - 2013-12-02 08:28 - 00050477 _____ C:\Users\Ady\Desktop\Defogger.exe
2013-12-02 02:49 - 2013-12-02 02:58 - 00000000 ____D C:\Windows\system32\MRT
2013-11-28 10:26 - 2013-11-28 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-25 13:15 - 2013-11-25 13:16 - 00279208 _____ C:\Windows\Minidump\112513-77314-01.dmp
2013-11-05 21:53 - 2013-11-02 00:31 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

==================== One Month Modified Files and Folders =======

2013-12-02 08:31 - 2013-12-02 08:31 - 00021419 _____ C:\Users\Ady\Desktop\FRST.txt
2013-12-02 08:31 - 2013-12-02 08:31 - 00000000 ____D C:\FRST
2013-12-02 08:31 - 2011-12-23 18:46 - 00000000 ____D C:\Users\Ady\AppData\Roaming\Dropbox
2013-12-02 08:30 - 2013-12-02 08:30 - 01959184 _____ (Farbar) C:\Users\Ady\Desktop\FRST64.exe
2013-12-02 08:29 - 2013-12-02 08:29 - 00000468 _____ C:\Users\Ady\Desktop\defogger_disable.log
2013-12-02 08:29 - 2013-12-02 08:29 - 00000000 _____ C:\Users\Ady\defogger_reenable
2013-12-02 08:29 - 2010-12-24 19:16 - 00000000 ____D C:\Users\Ady
2013-12-02 08:28 - 2013-12-02 08:28 - 00050477 _____ C:\Users\Ady\Desktop\Defogger.exe
2013-12-02 08:23 - 2010-10-15 14:23 - 01079636 _____ C:\Windows\WindowsUpdate.log
2013-12-02 08:22 - 2012-11-01 18:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 08:22 - 2012-09-24 15:17 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000UA.job
2013-12-02 02:58 - 2013-12-02 02:49 - 00000000 ____D C:\Windows\system32\MRT
2013-12-02 02:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-12-02 02:07 - 2011-09-20 18:17 - 00000000 ____D C:\Users\Ady\AppData\Roaming\ICQ
2013-12-02 02:01 - 2011-12-23 18:47 - 00000000 ___RD C:\Users\Ady\Dropbox
2013-12-02 01:41 - 2012-04-13 02:46 - 00000000 ____D C:\Users\Ady\Desktop\PICS
2013-12-02 01:41 - 2012-04-13 02:25 - 00000000 ____D C:\Users\Ady\Desktop\MUSIK 2
2013-12-01 20:54 - 2012-09-24 15:17 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000Core.job
2013-11-30 18:49 - 2010-10-16 00:15 - 00655320 _____ C:\Windows\system32\perfh007.dat
2013-11-30 18:49 - 2010-10-16 00:15 - 00130612 _____ C:\Windows\system32\perfc007.dat
2013-11-30 18:49 - 2009-07-14 06:13 - 01501840 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 14:37 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 14:37 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 14:30 - 2013-11-01 13:56 - 00003358 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-11-28 14:30 - 2012-05-03 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 14:30 - 2011-11-08 14:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-11-28 14:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 14:29 - 2009-07-14 05:51 - 00177367 _____ C:\Windows\setupact.log
2013-11-28 10:27 - 2013-11-28 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-25 13:16 - 2013-11-25 13:15 - 00279208 _____ C:\Windows\Minidump\112513-77314-01.dmp
2013-11-25 13:15 - 2011-01-20 13:32 - 00000000 ____D C:\Windows\Minidump
2013-11-25 13:14 - 2011-01-20 13:32 - 486483344 _____ C:\Windows\MEMORY.DMP
2013-11-19 20:52 - 2012-04-12 21:00 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-19 11:21 - 2011-01-13 09:43 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 10:34 - 2010-10-15 14:20 - 00124336 _____ C:\Windows\PFRO.log
2013-11-19 10:17 - 2011-01-29 10:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-19 10:16 - 2011-01-29 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 10:16 - 2011-01-29 10:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 10:15 - 2011-01-01 16:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-19 10:15 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-11-14 17:01 - 2013-05-04 11:29 - 00000000 _____ C:\END
2013-11-13 17:03 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-08 22:38 - 2011-12-30 14:08 - 00000000 ____D C:\Users\Ady\Desktop\Musik
2013-11-07 16:00 - 2011-02-15 14:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-05 21:53 - 2013-10-25 10:21 - 00001052 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-11-05 21:53 - 2012-11-29 20:31 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-11-02 21:19 - 2011-11-28 01:00 - 00000000 ____D C:\Users\Ady\AppData\Roaming\Origin
2013-11-02 21:19 - 2011-11-28 01:00 - 00000000 ____D C:\ProgramData\Origin
2013-11-02 21:12 - 2011-11-28 01:00 - 00000000 ____D C:\Users\Ady\AppData\Local\Origin
2013-11-02 21:11 - 2011-11-28 00:59 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-02 00:31 - 2013-11-05 21:53 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

Some content of TEMP:
====================
C:\Users\Ady\AppData\Local\Temp\COMAP.EXE
C:\Users\Ady\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Ady\AppData\Local\Temp\ffunzip.exe
C:\Users\Ady\AppData\Local\Temp\installerdll173769903.dll
C:\Users\Ady\AppData\Local\Temp\installerdll173856827.dll
C:\Users\Ady\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Ady\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Ady\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Ady\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Ady\AppData\Local\Temp\MSN710D.exe
C:\Users\Ady\AppData\Local\Temp\nsz2A51.exe
C:\Users\Ady\AppData\Local\Temp\nszFA2A.exe
C:\Users\Ady\AppData\Local\Temp\rootsupd.exe
C:\Users\Ady\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Ady\AppData\Local\Temp\setup.exe
C:\Users\Ady\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Ady\AppData\Local\Temp\SPStub.exe
C:\Users\Ady\AppData\Local\Temp\tbedrs.dll
C:\Users\Ady\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Ady\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Ady\AppData\Local\Temp\wajam_install.exe
C:\Users\Ady\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 13:05

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Ady at 2013-12-02 08:34:50
Running from C:\Users\Ady\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Acer Arcade Deluxe (x32 Version: 4.0.8012)
Acer Arcade Movie (x32 Version: 9.0.6625)
Acer Backup Manager (x32 Version: 2.0.0.68)
Acer Crystal Eye webcam (x32 Version: 1.0.4.3)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer PowerSmart Manager (x32 Version: 5.02.3004)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0222.2010)
Acer Updater (x32 Version: 1.02.3001)
Acer VCM (x32 Version: 4.05.3002)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.5.4 MUI (x32 Version: 9.5.4)
Airport Mania First Flight (x32)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Amazonia (x32)
Apple Application Support (x32 Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.25.0)
Ask Toolbar Updater (HKCU Version: 1.2.6.44892)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.35)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Backup Manager Basic (x32 Version: 2.0.0.68)
Bastion (x32 Version: 1.0.2)
Bing Bar (x32 Version: 7.2.241.0)
Bonjour (Version: 2.0.5.0)
Botanicula (x32 Version: 1.0)
Cake Mania (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2205.37769)
Catalyst Control Center Localization All (x32 Version: 2010.0825.2205.37769)
CCC Help Chinese Standard (x32 Version: 2010.0825.2204.37769)
CCC Help Chinese Traditional (x32 Version: 2010.0825.2204.37769)
CCC Help Czech (x32 Version: 2010.0825.2204.37769)
CCC Help Danish (x32 Version: 2010.0825.2204.37769)
CCC Help Dutch (x32 Version: 2010.0825.2204.37769)
CCC Help English (x32 Version: 2010.0825.2204.37769)
CCC Help Finnish (x32 Version: 2010.0825.2204.37769)
CCC Help French (x32 Version: 2010.0825.2204.37769)
CCC Help German (x32 Version: 2010.0825.2204.37769)
CCC Help Greek (x32 Version: 2010.0825.2204.37769)
CCC Help Hungarian (x32 Version: 2010.0825.2204.37769)
CCC Help Italian (x32 Version: 2010.0825.2204.37769)
CCC Help Japanese (x32 Version: 2010.0825.2204.37769)
CCC Help Korean (x32 Version: 2010.0825.2204.37769)
CCC Help Norwegian (x32 Version: 2010.0825.2204.37769)
CCC Help Polish (x32 Version: 2010.0825.2204.37769)
CCC Help Portuguese (x32 Version: 2010.0825.2204.37769)
CCC Help Russian (x32 Version: 2010.0825.2204.37769)
CCC Help Spanish (x32 Version: 2010.0825.2204.37769)
CCC Help Swedish (x32 Version: 2010.0825.2204.37769)
CCC Help Thai (x32 Version: 2010.0825.2204.37769)
CCC Help Turkish (x32 Version: 2010.0825.2204.37769)
ccc-core-static (x32 Version: 2010.0825.2205.37769)
ccc-utility64 (Version: 2010.0825.2205.37769)
Cisco AnyConnect VPN Client (x32 Version: 2.3.0254)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo III (x32 Version: 1.0.2.9950)
Dream Day First Home (x32)
Droid Assault (remove only) (x32)
Dropbox (HKCU Version: 2.0.22)
eBay Worldwide (x32 Version: 2.1.0901)
eSobi v2 (x32 Version: 2.0.4.000274)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
facemoods (x32)
Farm Frenzy 2 (x32)
Galapago (x32)
Heroes of Hellas (x32)
Hotspot Shield 3.19 (x32 Version: 3.19)
Hotspot Shield Toolbar for IE (x32 Version: 6.16.2.2)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet 6600 - Grundlegende Software für das Gerät (Version: 25.0.619.0)
HP Officejet 6600 Hilfe (x32 Version: 140.0.2.2)
HP Photo Creations (x32 Version: 1.0.0.9572)
HP Update (x32 Version: 5.003.000.004)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
ICQ Sparberater (x32 Version: 1.2.662)
ICQ Toolbar (x32 Version: 3.0.0)
ICQ7.6 (x32 Version: 7.6)
Identity Card (x32 Version: 1.00.3003)
Inhaltsmanager-Assistent für PlayStation(R) (x32 Version: 2.50.6733.38)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
iTunes (Version: 10.3.1.55)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JDownloader (x32)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Kabel Deutschland Installations-Software (x32 Version: 3.6.0.0)
Launch Manager (x32 Version: 4.0.14)
LECTURNITY Player (x32 Version: 4.0.0000)
LIMBO (HKCU)
Machinarium (x32 Version: 23.10.09)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Morrowind (x32)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPhoneExplorer (x32 Version: 1.8.2)
MySQL Connector C++ 1.1.3 (Version: 1.1.3)
MySQL Connector J (x32 Version: 5.1.25)
MySQL Connector Net 6.7.4 (x32 Version: 6.7.4)
MySQL Connector/ODBC 5.2 64bit (community edition) (Version: 5.2.5)
MySQL Documents 5.6 (x32 Version: 5.6.12)
MySQL Examples and Samples 5.6 (x32 Version: 5.6.12)
MySQL For Excel 1.1.1 (x32 Version: 1.1.1)
MySQL Installer (x32 Version: 1.3.1.0)
MySQL Notifier 1.0.3 (x32 Version: 1.0.3)
MySQL Server 5.6 (Version: 5.6.12)
MySQL Workbench 5.2 CE (x32 Version: 5.2.47)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Backup Now 5 (x32 Version: 5.1.2.630)
NTI Backup Now Standard (x32 Version: 5.1.2.630)
NTI Media Maker 8 (x32 Version: 8.0.12.6636)
Optical Drive Power Management (x32 Version: 1.01.3007)
Origin (x32 Version: 8.5.0.4554)
pgAdmin III 1.16 (x32 Version: 1.16)
Poker Pop (x32)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.69.80.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6156)
Revenge of the Titans (remove only) (x32)
Search Protect by conduit (x32 Version: 1.7.0.72) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
SopCast 3.3.2 (x32 Version: 3.3.2)
Spin & Win (x32)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steam (x32 Version: 1.0.0.0)
Studie zur Verbesserung von HP Officejet 6600 Produkten (Version: 25.0.619.0)
Super Meat Boy v1.5 (x32)
Synaptics Pointing Device Driver (Version: 15.0.12.0)
TeamSpeak 3 Client (HKCU Version: 3.0.6)
TeamViewer 7 (x32 Version: 7.0.12541)
TES Construction Set (x32)
The Mighty Quest For Epic Loot Version 1.213647 (x32 Version: 1.213647)
Titan Attacks (remove only) (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Ultratron (remove only) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Virtual Router v1.0 (x32 Version: 1.0)
Wajam (x32 Version: 1.43) <==== ATTENTION
Welcome Center (x32 Version: 1.02.3004)
WIDCOMM Bluetooth Software (Version: 6.3.0.6000)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================

23-11-2013 02:56:06 Windows Update
26-11-2013 12:36:42 Windows Update
30-11-2013 18:07:08 Windows Update
02-12-2013 01:48:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {29F30E50-66D1-41E2-93D6-BE393ED5BFCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {2F38B1C5-C38E-4A5F-B661-897971295052} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000UA => C:\Users\Ady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {412F61F5-0B40-43A4-865D-1E4F6A48DDBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {983D0CE1-560C-4F66-9212-C6DB2FE5F6FE} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {993E9E74-DE47-4576-8019-589EDB11138E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000Core => C:\Users\Ady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.)
Task: {BB95AD78-0E45-4447-83F8-ED484D97248A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] ()
Task: {ED001169-AF4A-4D69-8F19-6EACB057E7FB} - System32\Tasks\BackgroundContainer Startup Task => C:\Users\Ady\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [2013-10-14] (Conduit Ltd.) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000Core.job => C:\Users\Ady\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1628167287-663196971-3892357901-1000UA.job => C:\Users\Ady\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-02 00:48 - 2013-11-02 00:48 - 00903464 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Ady\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-11 18:16 - 2013-01-11 18:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-09-08 02:52 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-28 10:27 - 2013-11-28 10:27 - 03550832 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-10 11:16 - 2013-10-10 11:16 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2013 03:03:02 AM) (Source: Application Hang) (User: )
Description: Programm ICQ.exe, Version 7.6.0.5620 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6bfc

Startzeit: 01ceeefae8126597

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\ICQ7.6\ICQ.exe

Berichts-ID: da37af98-5af5-11e3-8f52-60eb696c55a4

Error: (11/26/2013 03:05:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: cmw_srv.exe, Version: 3.19.2.21019, Zeitstempel: 0x52743f14
Name des fehlerhaften Moduls: cfghlp.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5261b33e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x656226a5
ID des fehlerhaften Prozesses: 0x660
Startzeit der fehlerhaften Anwendung: 0xcmw_srv.exe0
Pfad der fehlerhaften Anwendung: cmw_srv.exe1
Pfad des fehlerhaften Moduls: cmw_srv.exe2
Berichtskennung: cmw_srv.exe3

Error: (11/26/2013 01:06:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (11/26/2013 11:23:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4ddc
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4d48
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4fe0
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:36 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4f14
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4d94
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4c3c
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3

Error: (11/26/2013 11:23:01 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0d1c6
Name des fehlerhaften Moduls: MSSRCH.DLL, Version: 7.0.7600.16808, Zeitstempel: 0x4dc0e16d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052155
ID des fehlerhaften Prozesses: 0x4f80
Startzeit der fehlerhaften Anwendung: 0xSearchIndexer.exe0
Pfad der fehlerhaften Anwendung: SearchIndexer.exe1
Pfad des fehlerhaften Moduls: SearchIndexer.exe2
Berichtskennung: SearchIndexer.exe3


System errors:
=============
Error: (11/28/2013 02:29:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎11.‎2013 um 14:28:39 unerwartet heruntergefahren.

Error: (11/28/2013 00:07:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (11/27/2013 07:25:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/27/2013 07:25:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/27/2013 07:25:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/27/2013 07:25:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/26/2013 03:05:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/26/2013 00:39:49 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎11.‎2013 um 12:38:24 unerwartet heruntergefahren.

Error: (11/26/2013 11:23:41 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 14 Mal passiert.

Error: (11/26/2013 11:23:37 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 13 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (12/02/2013 03:03:02 AM) (Source: Application Hang)(User: )
Description: ICQ.exe7.6.0.56206bfc01ceeefae81265974C:\Program Files (x86)\ICQ7.6\ICQ.exeda37af98-5af5-11e3-8f52-60eb696c55a4

Error: (11/26/2013 03:05:25 PM) (Source: Application Error)(User: )
Description: cmw_srv.exe3.19.2.2101952743f14cfghlp.dll_unloaded0.0.0.05261b33ec0000005656226a566001ceea9c3c45aeb6C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.execfghlp.dllcb799f3a-56a3-11e3-873f-60eb696c55a4

Error: (11/26/2013 01:06:37 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/26/2013 11:23:41 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554ddc01ceea9193be7d16C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLd19b9e35-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:37 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554d4801ceea9191a224ddC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLcf7533b6-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:37 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554fe001ceea9191394f64C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLcf08668e-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:36 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554f1401ceea919106ccf6C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLced5e421-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:03 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554d9401ceea917d73ae26C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLbb43d6c5-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:02 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554c3c01ceea917ca6be36C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLba7c6529-5684-11e3-b5c3-60eb696c55a4

Error: (11/26/2013 11:23:01 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.168084dc0d1c6MSSRCH.DLL7.0.7600.168084dc0e16dc000000500000000000521554f8001ceea917c42a3bfC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLLba1d2cc4-5684-11e3-b5c3-60eb696c55a4


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 3766.69 MB
Available physical RAM: 1106.82 MB
Total Pagefile: 7531.51 MB
Available Pagefile: 4333.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:684.54 GB) (Free:563.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 7067438F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-02 08:52:40
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Ady\AppData\Local\Temp\kfldrpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077111465 2 bytes [11, 77]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771114bb 2 bytes [11, 77]
.text  ...                                                                                                                                             * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d@0023125b479e                                                        0x64 0x57 0x44 0x7F ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d@7c619351424b                                                        0x95 0xEB 0xF6 0x83 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d@0022a64f35da                                                        0x35 0xA0 0x8E 0x44 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d@907f6103deea                                                        0x66 0x8F 0x9A 0xEF ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e6911d@38e7d8c4e323                                                        0x1C 0xBE 0x9A 0x2E ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d (not active ControlSet)                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d@0023125b479e                                                            0x64 0x57 0x44 0x7F ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d@7c619351424b                                                            0x95 0xEB 0xF6 0x83 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d@0022a64f35da                                                            0x35 0xA0 0x8E 0x44 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d@907f6103deea                                                            0x66 0x8F 0x9A 0xEF ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e6911d@38e7d8c4e323                                                            0x1C 0xBE 0x9A 0x2E ...

---- EOF - GMER 2.1 ----
         

 
