| |
| |||||||
Log-Analyse und Auswertung: Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.04.2014, 12:54
| #1 |
| |  Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Hallo Zusammen, vorab schonmal sorry falls das nicht das richtige Forum ist um diesen Thread zu eröffnen. Ich habe folgendes Problem: Als ich gestern auf Reddit umhergesurft bin erschien plötzlich der (nicht schließbare und alles verdeckende) Tab, dass ich verbotene Dateien auf meinem Laptop hätte und daher 100 € per sofortüberweisung an das Bundesamt für Sicherhet überweisen müsse. Ich hatte das Ding vor einiger Zeit schonmal, da hats sich recht einfach über den Abgesicherten Modus entfernen lassen. Leider fährt dieser jetzt immer direkt wieder herunter  Ich hab das Problem gegoogelt und bin auf dieser Seite fündig geworden unter folgendem Link: http://www.trojaner-board.de/132035-...ml#post1026552 Habe alles wie beschrieben durchgearbeitet und füge auf diesem Wege das Logfile an. Vielen Dank im Voraus für die Hilfe, bin in diesem Bereich nicht wirklich bewandert und daher gestaltet sich das ganze besonders schwierig. Beste Grüße Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by SYSTEM on MININT-T2PJN80 on 13-04-2014 13:24:47
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Lanslut\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Lanslut\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Max\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Max\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Max\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\Max\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\Max\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-11] (Google Inc.)
HKU\Max\...\Policies\system: [DisableLockWorkstation] 0
HKU\Max\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyrjvwy.lnk
ShortcutTarget: kyrjvwy.lnk -> C:\ProgramData\2992199F9A\ywvjryk.cpp (Корпорация Майкрософт)
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\kyrjvwy.faa [332036 2014-04-12] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-15] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-15] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-24] (Duplex Secure Ltd.)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
========================== Drivers MD5 =======================
C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 8155EA1864D1FA8B168C46C41ED97A76
C:\Windows\System32\DRIVERS\atikmpag.sys 4841C7AF2BAC05AE23955D65B4336446
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys 2D648572BA9A610952FCAFBA1E119C2D
C:\Windows\System32\DRIVERS\atksgt.sys 4AEF9EC86818375495FB78CA58DF4E18
C:\Windows\System32\DRIVERS\avgntflt.sys 7806BFCD1D7FA5EC23F7324D4EAFD25B
C:\Windows\System32\DRIVERS\avipbb.sys C3A58DBD18786C338126D30BF8C33D72
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 810BE94A9E42309B3F74217AC28BC6AC
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys EBCE0B0924835F635F620D19F0529DCE
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 1384872112E8E7FD5786ECEB8BDDF4C9
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys FBACBED7A37B3223822470FF1D8EA00F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys E76FDFFF07F8A2FA81FF250DDA0F6BBA
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdpmd64.sys FBACBED7A37B3223822470FF1D8EA00F
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lirsgt.sys B658B7076B1ACAA5876524595630F183
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys 5E939CF91EA4A841DBAFE4627E0292BB
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 483DF0B58CA532E5240E59DC41F30AA2
C:\Windows\SysWOW64\Drivers\RtsUStor.sys 483DF0B58CA532E5240E59DC41F30AA2
C:\Windows\System32\DRIVERS\Rt64win7.sys 20A466B9EA2BD828C0EC723F99B8CFE7
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 54E47AD086782D3AE9417C155CDCEB9B
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 602884696850C86434530790B110E8EB
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 4998AE89119C7106C92F0A64E4840FF6
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys C06E6F4679CEB8F430B90A51D76D8D3C
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39
C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66
C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC
C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
C:\Windows\System32\DRIVERS\xusb21.sys 38F55D07B1D3391065C40EC065F984E2
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-13 13:24 - 2014-04-13 13:24 - 00000000 ____D () C:\FRST
2014-04-12 15:56 - 2014-04-13 01:34 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-07 11:56 - 2014-04-07 11:56 - 00000000 _____ () C:\Windows\SysWOW64\sho7A23.tmp
2014-04-05 04:32 - 2014-04-05 04:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url
2014-03-27 11:43 - 2014-03-27 11:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url
2014-03-15 15:11 - 2014-03-15 15:12 - 00000000 ____D () C:\Users\Max\Desktop\Lindas Stick
==================== One Month Modified Files and Folders =======
2014-04-13 13:24 - 2014-04-13 13:24 - 00000000 ____D () C:\FRST
2014-04-13 03:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 03:08 - 2009-07-13 20:51 - 00227252 _____ () C:\Windows\setupact.log
2014-04-13 01:40 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 01:40 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 01:34 - 2014-04-12 15:56 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-13 01:34 - 2012-10-11 10:53 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 16:34 - 2010-10-13 07:58 - 01779478 _____ () C:\Windows\WindowsUpdate.log
2014-04-12 16:20 - 2012-10-11 10:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 15:53 - 2012-06-17 04:13 - 00000000 ____D () C:\ProgramData\Origin
2014-04-12 15:46 - 2013-03-28 04:59 - 00000000 ____D () C:\Users\Max\Documents\FIFA 13
2014-04-12 15:03 - 2011-04-07 11:20 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Mumble
2014-04-12 11:49 - 2012-06-17 04:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-12 02:18 - 2012-10-11 10:56 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 10:11 - 2011-07-21 07:19 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMax
2014-04-10 10:11 - 2011-07-21 07:19 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMax.job
2014-04-09 08:34 - 2013-04-07 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:33 - 2013-08-07 08:14 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-09 08:31 - 2011-05-06 07:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-08 10:32 - 2011-02-07 03:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 10:02 - 2010-07-20 13:46 - 00697550 _____ () C:\Windows\System32\perfh007.dat
2014-04-08 10:02 - 2010-07-20 13:46 - 00148556 _____ () C:\Windows\System32\perfc007.dat
2014-04-08 10:02 - 2009-07-13 21:13 - 01614964 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-07 11:56 - 2014-04-07 11:56 - 00000000 _____ () C:\Windows\SysWOW64\sho7A23.tmp
2014-04-05 04:32 - 2014-04-05 04:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url
2014-03-31 11:57 - 2010-12-22 09:54 - 00000000 ____D () C:\Users\Max\AppData\Local\CrashDumps
2014-03-29 16:56 - 2012-10-11 10:53 - 00000000 ____D () C:\Users\Max\AppData\Local\Google
2014-03-29 16:15 - 2012-10-11 10:53 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 16:15 - 2012-10-11 10:53 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:40 - 2013-07-06 03:35 - 00000000 ____D () C:\Users\Max\Documents\My Games
2014-03-29 08:40 - 2010-07-20 04:20 - 00332559 _____ () C:\Windows\DirectX.log
2014-03-27 11:43 - 2014-03-27 11:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url
2014-03-24 08:59 - 2012-08-23 06:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\HpUpdate
2014-03-23 09:06 - 2012-06-17 04:13 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Origin
2014-03-23 09:06 - 2012-06-17 04:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Origin
2014-03-18 10:29 - 2011-04-06 10:36 - 00000000 ____D () C:\Users\Max\AppData\Roaming\.minecraft
2014-03-15 15:12 - 2014-03-15 15:11 - 00000000 ____D () C:\Users\Max\Desktop\Lindas Stick
2014-03-15 02:59 - 2013-03-13 14:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 02:59 - 2013-03-13 14:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 02:59 - 2010-12-21 04:24 - 00358802 _____ () C:\Windows\PFRO.log
Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\CCLauncherSelfUpdater.EXE
C:\Users\Max\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Max\AppData\Local\Temp\config.dll
C:\Users\Max\AppData\Local\Temp\DeltaTB.exe
C:\Users\Max\AppData\Local\Temp\LyricsPal.exe
C:\Users\Max\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Max\AppData\Local\Temp\pricepeep_130001_1001.exe
C:\Users\Max\AppData\Local\Temp\RDtemp.exe
C:\Users\Max\AppData\Local\Temp\TC8a.dll
C:\Users\Max\AppData\Local\Temp\unwise.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2014-04-09 07:42:17
Restore point made on: 2014-04-09 08:30:52
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {current}
Windows-Startladeprogramm
-------------------------
Bezeichner {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes
Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{aad1c467-d735-11df-837f-bf22f822ebf9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{aad1c467-d735-11df-837f-bf22f822ebf9}
systemroot \windows
nx OptIn
winpe Yes
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
Ger„teoptionen
--------------
Bezeichner {aad1c467-d735-11df-837f-bf22f822ebf9}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Optionen zum RAM-Datentr„gersetup
---------------------------------
Bezeichner {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3163.4 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3162.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:281.98 GB) (Free:6.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (LE_SAVE) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CB9E9924)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 983 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2014-04-01 08:43
==================== End Of Log ============================
|
|
13.04.2014, 13:23
| #2 |
| /// the machine /// TB-Ausbilder    | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter hi,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyrjvwy.lnk
ShortcutTarget: kyrjvwy.lnk -> C:\ProgramData\2992199F9A\ywvjryk.cpp (Корпорация Майкрософт)
S2 Winmgmt; C:\ProgramData\2992199F9A\kyrjvwy.faa [332036 2014-04-12] (Microsoft Corporation)
C:\ProgramData\2992199F9A
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Rechner normal starten.
__________________ |
|
13.04.2014, 13:57
| #3 |
| | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Vielen Dank für die rasche Antwort!
__________________Habe die Anweisung befolgt, ist angehängt! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by SYSTEM at 2014-04-13 14:55:48 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyrjvwy.lnk
ShortcutTarget: kyrjvwy.lnk -> C:\ProgramData\2992199F9A\ywvjryk.cpp (?????????? ??????????)
S2 Winmgmt; C:\ProgramData\2992199F9A\kyrjvwy.faa [332036 2014-04-12] (Microsoft Corporation)
C:\ProgramData\2992199F9A
*****************
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyrjvwy.lnk => Moved successfully.
C:\ProgramData\2992199F9A\ywvjryk.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\2992199F9A => Moved successfully.
==== End of Fixlog ====
|
|
14.04.2014, 10:27
| #4 |
| /// the machine /// TB-Ausbilder | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter startet der Rechner normal? Wenn ja ab jetzt alles im normalen Modus: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.04.2014, 11:05
| #5 |
| | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Vielen Dank nochmal! Rechner startet normal und ich habe gestern dann einmal Antivir durchlaufen lassen. 26 Dateien wurden gemeldet. ich hoffe dies verfälscht die Ergebnisse nicht. Ansonsten wie gehabt: Wie beschrieben durchgeführt! FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Max (administrator) on MAX-HP on 14-04-2014 11:57:31
Running from C:\Users\Max\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-11] (Google Inc.)
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\MountPoints2: {adcbdcfc-27c8-11e0-9e8d-002682b564ba} - G:\Autorun.exe
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3C5B6162-D957-49D4-9106-9B2DA73FD0F0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {3C5B6162-D957-49D4-9106-9B2DA73FD0F0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505
SearchScopes: HKCU - {3C5B6162-D957-49D4-9106-9B2DA73FD0F0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505
SearchScopes: HKCU - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default
FF user.js: detected! => C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\user.js
FF DefaultSearchEngine: ICQ Search
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Conduit Engine - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\engine@conduit.com [2011-04-07]
FF Extension: ICQ Toolbar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-09-11]
FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-02-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-05-02]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-23]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (McAfee Security Scan+) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Max\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-18]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-15] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-15] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-24] ()
U3 agdr963o; C:\Windows\System32\Drivers\agdr963o.sys [0 ] (Microsoft Corporation)
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-14 11:57 - 2014-04-14 11:57 - 00026116 _____ () C:\Users\Max\Desktop\FRST.txt
2014-04-14 11:57 - 2014-04-13 13:06 - 02157568 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2014-04-13 23:24 - 2014-04-14 11:57 - 00000000 ____D () C:\FRST
2014-04-07 21:56 - 2014-04-07 21:56 - 00000000 _____ () C:\Windows\SysWOW64\sho7A23.tmp
2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url
2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url
2014-03-16 01:11 - 2014-03-16 01:12 - 00000000 ____D () C:\Users\Max\Desktop\Lindas Stick
==================== One Month Modified Files and Folders =======
2014-04-14 11:57 - 2014-04-14 11:57 - 00026116 _____ () C:\Users\Max\Desktop\FRST.txt
2014-04-14 11:57 - 2014-04-13 23:24 - 00000000 ____D () C:\FRST
2014-04-14 11:54 - 2012-10-11 20:53 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 11:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 11:53 - 2009-07-14 06:51 - 00227364 _____ () C:\Windows\setupact.log
2014-04-14 00:55 - 2010-12-21 14:33 - 00000000 ___RD () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-13 23:51 - 2010-10-13 17:58 - 01787723 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 23:50 - 2012-10-11 20:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 16:40 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 16:40 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 13:06 - 2014-04-14 11:57 - 02157568 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2014-04-13 01:53 - 2012-06-17 14:13 - 00000000 ____D () C:\ProgramData\Origin
2014-04-13 01:46 - 2013-03-28 14:59 - 00000000 ____D () C:\Users\Max\Documents\FIFA 13
2014-04-13 01:03 - 2011-04-07 21:20 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Mumble
2014-04-12 21:49 - 2012-06-17 14:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-12 12:18 - 2012-10-11 20:56 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 20:11 - 2011-07-21 17:19 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMax
2014-04-10 20:11 - 2011-07-21 17:19 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMax.job
2014-04-09 18:34 - 2013-04-07 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 18:33 - 2013-08-07 18:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 18:31 - 2011-05-06 17:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 20:32 - 2011-02-07 13:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 20:02 - 2010-07-20 23:46 - 00697550 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 20:02 - 2010-07-20 23:46 - 00148556 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 20:02 - 2009-07-14 07:13 - 01614964 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 21:56 - 2014-04-07 21:56 - 00000000 _____ () C:\Windows\SysWOW64\sho7A23.tmp
2014-04-05 14:57 - 2010-12-26 22:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url
2014-03-31 21:57 - 2010-12-22 19:54 - 00000000 ____D () C:\Users\Max\AppData\Local\CrashDumps
2014-03-30 02:56 - 2012-10-11 20:53 - 00000000 ____D () C:\Users\Max\AppData\Local\Google
2014-03-30 02:15 - 2012-10-11 20:53 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 02:15 - 2012-10-11 20:53 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 18:40 - 2013-07-06 13:35 - 00000000 ____D () C:\Users\Max\Documents\My Games
2014-03-29 18:40 - 2010-07-20 14:20 - 00332559 _____ () C:\Windows\DirectX.log
2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url
2014-03-24 18:59 - 2012-08-23 16:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\HpUpdate
2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Origin
2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Origin
2014-03-18 20:29 - 2011-04-06 20:36 - 00000000 ____D () C:\Users\Max\AppData\Roaming\.minecraft
2014-03-16 01:12 - 2014-03-16 01:11 - 00000000 ____D () C:\Users\Max\Desktop\Lindas Stick
2014-03-15 12:59 - 2013-03-14 00:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 12:59 - 2013-03-14 00:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 12:59 - 2010-12-21 14:24 - 00358802 _____ () C:\Windows\PFRO.log
Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\CCLauncherSelfUpdater.EXE
C:\Users\Max\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Max\AppData\Local\Temp\config.dll
C:\Users\Max\AppData\Local\Temp\DeltaTB.exe
C:\Users\Max\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Max\AppData\Local\Temp\pricepeep_130001_1001.exe
C:\Users\Max\AppData\Local\Temp\RDtemp.exe
C:\Users\Max\AppData\Local\Temp\TC8a.dll
C:\Users\Max\AppData\Local\Temp\unwise.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 18:43
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by Max at 2014-04-14 11:58:21
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.20 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{94D6F1A3-C102-EF6D-5DDF-9CC9836F3C65}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bandicam (HKLM-x32\...\Bandicam) (Version: - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Betrayer (HKLM-x32\...\Steam App 243120) (Version: - Blackpowder Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0524.2352.41027 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Die Sims 3 eXtreme Edition (HKLM-x32\...\{0A5002BA-DADB-435D-AFD2-8505F04DB910}_is1) (Version: Die Sims 3 eXtreme Edition v6.0.81.009001 - pcblizzard)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.3.3.3 - DVDVideoSoftTB)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hitman: Codename 47 (HKLM-x32\...\Steam App 6900) (Version: - IO Interactive)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{B360E24A-BF25-4353-AA79-1B54F509024A}) (Version: 1.0.0.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{0E21ACD8-DA65-4FB6-AC75-AA626CBD2926}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{B446137B-18A1-4FAE-B0E4-ABE8F09705F1}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
Hydrogen (HKLM-x32\...\Hydrogen) (Version: - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JC2-MP version 0.0.11 (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.11 - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XML Parser (x32 Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 20.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 20.0.1 (x86 de)) (Version: 20.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Race Driver 3 (HKLM-x32\...\{A137D52E-FA96-4815-85F5-E7B8F66837DB}) (Version: 1.00.0000 - Codemasters)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{0D994CC5-819F-4657-84DD-397B8FE1EA80}) (Version: - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version: - )
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stonehearth (HKLM-x32\...\Steam App 253250) (Version: - )
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{432CEBFF-B669-4614-9BFF-42A56F0CC86E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
XMedia Recode Version 3.1.1.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.1.6 - XMedia Recode)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {069E01CD-EFC8-49FF-B977-C8C56825644C} - System32\Tasks\{55D544D8-2264-4D2C-A9B7-04A96EC665C5} => C:\Program Files (x86)\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe
Task: {0CADB006-A5AB-41E7-ADB0-FBAE247D157F} - System32\Tasks\{CBC73FA8-0847-4DBC-822B-3784887977A2} => C:\Program Files (x86)\Gothic III\kupdate.exe [2010-05-26] ()
Task: {10249577-7F93-47BF-8CDE-684063FE0F8B} - System32\Tasks\eff2f6e0 => C:\Users\Max\AppData\Local\Temp\\setup2956765536.exe <==== ATTENTION
Task: {12823AB0-64C7-490F-9E7D-4412CBD1947E} - System32\Tasks\4e3ad290 => C:\Users\Max\AppData\Local\Temp\\setup202072288.exe <==== ATTENTION
Task: {26EDA6A2-153E-4E8A-B6FD-0017D48390BC} - System32\Tasks\{BC98B325-9119-4CE3-B834-FBBFFB6A567E} => C:\Program Files (x86)\Gothic III\kupdate.exe [2010-05-26] ()
Task: {2AE1E04E-F349-4B66-AE20-F6B3FE1F73A2} - System32\Tasks\506bb1e0 => C:\Users\Max\AppData\Local\Temp\\setup2218195612.exe <==== ATTENTION
Task: {2B3E0CFA-7874-48DF-8918-D9B6E8B937A9} - System32\Tasks\b5575910 => C:\Users\Max\AppData\Local\Temp\\setup2487194976.exe <==== ATTENTION
Task: {355BA4C5-2A8E-4469-9C57-002C13C71274} - System32\Tasks\e2ba0040 => C:\Users\Max\AppData\Local\Temp\\setup1748233724.exe <==== ATTENTION
Task: {3A4E4503-15DB-45C1-B351-051FE6A2FB59} - System32\Tasks\3249ef9c => C:\Users\Max\AppData\Local\Temp\\setup3768273564.exe <==== ATTENTION
Task: {3B0E6957-AD51-4858-ABFC-BDF25BDFF492} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24] (Hewlett-Packard)
Task: {3E4057E4-0B77-4D56-AE79-DC2E65233A5C} - System32\Tasks\8c11a760 => C:\Users\Max\AppData\Local\Temp\\setup1794767200.exe <==== ATTENTION
Task: {41AD44FF-4ACE-4FE7-B583-1A46454CD3A3} - System32\Tasks\b89eb120 => C:\Users\Max\AppData\Local\Temp\\setup1987007776.exe <==== ATTENTION
Task: {44DF250E-0304-444B-818C-4D8BA5E1BB5F} - System32\Tasks\5b9b9080 => C:\Users\Max\AppData\Local\Temp\\setup981721728.exe <==== ATTENTION
Task: {460FBFE2-EB70-43B5-9B1A-834987F57998} - System32\Tasks\{96013F2C-1936-4B8A-A5B9-CE3EE3DF24AA} => C:\Program Files (x86)\Cod\iw3mp.exe
Task: {491750A2-E03B-4EA2-BF15-EBFA31E14509} - System32\Tasks\f1f224e8 => C:\Users\Max\AppData\Local\Temp\\setup2688771364.exe <==== ATTENTION
Task: {4AA04495-CD60-4E30-BBA3-C05BA23B4D96} - System32\Tasks\f48c5280 => C:\Users\Max\AppData\Local\Temp\\setup2992431312.exe <==== ATTENTION
Task: {4D327419-5F9B-43BD-9731-2B400B624158} - System32\Tasks\{B6752B1D-D627-4E9A-9734-1DD24BE9A227} => C:\Program Files (x86)\Sunflowers\ParaWorld\Bin\Paraworld.exe
Task: {568945A4-8E81-4DD5-AAF4-45927A8056CB} - System32\Tasks\e16f7c58 => C:\Users\Max\AppData\Local\Temp\\setup575443928.exe <==== ATTENTION
Task: {5DA67CD7-08B9-4F0B-8E4C-1B8FFE5015C0} - System32\Tasks\3fd7e54c => C:\Users\Max\AppData\Local\Temp\\setup385913548.exe <==== ATTENTION
Task: {5E61FA15-D57D-4B91-BCED-6E4CAE5CC4BC} - System32\Tasks\2cc38aac => C:\Users\Max\AppData\Local\Temp\\setup3977067820.exe <==== ATTENTION
Task: {5F318655-D372-4D5F-A08F-6EEFADA3D08C} - System32\Tasks\566a33d0 => C:\Users\Max\AppData\Local\Temp\\setup894600656.exe <==== ATTENTION
Task: {5F5C9125-354B-488C-A28B-DA534CCF60B3} - System32\Tasks\{7A139053-2673-487B-BF40-AF348012740B} => C:\Program Files (x86)\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe
Task: {606DF661-439E-4FB6-ADBB-3346EB2736B6} - System32\Tasks\7600fdd0 => C:\Users\Max\AppData\Local\Temp\\setup1294576464.exe <==== ATTENTION
Task: {650C77E3-995B-4B3A-89E3-AD6B63E0C155} - System32\Tasks\c176908c => C:\Users\Max\AppData\Local\Temp\\setup1875372940.exe <==== ATTENTION
Task: {653E9474-F727-4CF1-BCA9-8C0F01B14518} - System32\Tasks\4c8e2be8 => C:\Users\Max\AppData\Local\Temp\\setup4208953064.exe <==== ATTENTION
Task: {6773042F-6233-4645-9622-C65233800AD2} - System32\Tasks\30ed0530 => C:\Users\Max\AppData\Local\Temp\\setup3450207024.exe <==== ATTENTION
Task: {6AF21D9B-19D5-4D81-BA64-E21FA3040730} - System32\Tasks\{FA5D3FA5-FF2F-41CD-B367-6C8458E42927} => C:\Program Files (x86)\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe
Task: {73BA13DE-ECE3-4AB9-9727-643AF92DE397} - System32\Tasks\{B38F38EA-0E13-4723-815B-523CF9549B50} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {792BA295-C36C-40EA-959A-0359A4595AA6} - System32\Tasks\{BB4A9999-A07A-4CA3-BF25-06836AC962C5} => C:\Program Files (x86)\Gothic III\kupdate.exe [2010-05-26] ()
Task: {7C3CFD1E-705F-4DD7-AC86-F6D546B31A69} - System32\Tasks\{30D4D0D3-5DFB-4E4D-BF2B-C053C7D0CF84} => C:\Program Files (x86)\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe
Task: {7D840BC0-59E8-40A1-A0BF-CEBDB971014F} - System32\Tasks\8017e360 => C:\Users\Max\AppData\Local\Temp\\setup1038643632.exe <==== ATTENTION
Task: {816ECE40-44B6-4538-AD7F-2F4EE3387888} - System32\Tasks\3e903240 => C:\Users\Max\AppData\Local\Temp\\setup4087560928.exe <==== ATTENTION
Task: {851ADFEF-D0C0-444D-90EE-C09088AECD91} - System32\Tasks\{17097FDE-7F66-46D6-9201-10AD4313EE19} => C:\Program Files (x86)\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jasp.exe
Task: {9041548B-B7F0-45C6-B550-34A3A2E0EFCE} - System32\Tasks\ca15a8c4 => C:\Users\Max\AppData\Local\Temp\\setup2321505092.exe <==== ATTENTION
Task: {9E4AE5FE-A103-4561-BC6A-06311DFFD728} - System32\Tasks\{A80481C5-9F1E-4950-A983-2CA053425F70} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {AA9E71C6-92F3-4543-92CE-CF2F79EC2E56} - System32\Tasks\2c35bbcc => C:\Users\Max\AppData\Local\Temp\\setup3666286284.exe <==== ATTENTION
Task: {B02FC8F9-1697-4CAA-811D-E8C0A80B5186} - System32\Tasks\{8B968D8B-EDEF-4056-B498-5B6EBCBE5395} => C:\Program Files (x86)\Sunflowers\ParaWorld\Bin\Paraworld.exe
Task: {B29D891B-D042-4B43-85C1-6FF298A01C05} - System32\Tasks\{F09F8CAE-AA94-418A-A3F7-A1C5EB6D0D9C} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {B339D840-6141-4268-8D10-A314D2E89466} - System32\Tasks\{1EEF1AF3-0ECE-43CF-A627-4A7E61C37DE6} => C:\Program Files (x86)\Gothic III\kupdate.exe [2010-05-26] ()
Task: {B3600512-F11C-4DF1-A8DD-AAC232C72C11} - System32\Tasks\1fc92a0 => C:\Users\Max\AppData\Local\Temp\\setup3217897120.exe <==== ATTENTION
Task: {B85299A5-1063-43FA-BA10-6F7DB8E3C231} - System32\Tasks\e98d1ea4 => C:\Users\Max\AppData\Local\Temp\\setup2849427748.exe <==== ATTENTION
Task: {B87A6C61-1EEC-4F7E-B291-C84FE71191C9} - System32\Tasks\{E679176B-5EE3-47C2-A771-26CBB9D0760A} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
Task: {C25BBC51-81A9-4BA0-B2D3-B794C16D8C60} - System32\Tasks\e8abf02c => C:\Users\Max\AppData\Local\Temp\\setup1765751400.exe <==== ATTENTION
Task: {C6B7D9C4-9218-4E96-AB14-28F783F09B2E} - System32\Tasks\169bcb00 => C:\Users\Max\AppData\Local\Temp\\setup3008670544.exe <==== ATTENTION
Task: {CF0A15CC-76E8-4A86-A34F-D842DE4F0A5E} - System32\Tasks\4c82e720 => C:\Users\Max\AppData\Local\Temp\\setup173247264.exe <==== ATTENTION
Task: {D204A35D-8D77-41F9-A13A-09F2A4912D49} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {D24879A6-1919-4790-9A5B-E5340B4FECD0} - System32\Tasks\HPCeeScheduleForMax => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {D65E7082-BA62-4746-A875-8610EDCC6A53} - System32\Tasks\{95A45462-26B0-4A57-9123-DA2D651D101F} => C:\PW\Bin\Paraworld.exe
Task: {D80E28BB-8262-419F-A8C1-A80DF7575AFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D898D84E-E61E-491F-8BFA-85016FC23E1F} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {D9F98C51-F502-46D7-9458-E932E49F25B6} - System32\Tasks\79535120 => C:\Users\Max\AppData\Local\Temp\\setup925103392.exe <==== ATTENTION
Task: {DA21E9D8-E834-4593-83F5-5C8CA81905F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)
Task: {E15C4936-C407-4391-A34F-E796A5648DF3} - System32\Tasks\6adf6eb0 => C:\Users\Max\AppData\Local\Temp\\setup682627760.exe <==== ATTENTION
Task: {E3999CCE-2C5A-449E-AA5A-4FCAA59CAE8B} - System32\Tasks\179c35e0 => C:\Users\Max\AppData\Local\Temp\\setup3025480672.exe <==== ATTENTION
Task: {E72E7B89-4CBA-4CB7-93DF-B6A31B54F64F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)
Task: {EA18FC93-18C3-4A5A-811F-EE0E5933D592} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {EC9B47DB-9481-46E5-BB50-A67FC337510F} - System32\Tasks\3535994 => C:\Users\Max\AppData\Local\Temp\\setup2980354512.exe <==== ATTENTION
Task: {ED034346-A195-47B6-B084-D1F47BAECD1D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {F23C7022-2DA9-4548-8007-E42B03DC670E} - System32\Tasks\{72E3DCFD-4D51-4116-9DCB-88CFC020C322} => C:\PW\bin\Paraworld.exe
Task: {FD73F931-DB02-4914-9025-FB23C183556A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {FE93707C-3507-4037-AB54-87CDF4B8B004} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMax.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-01-10 15:57 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files (x86)\WinRAR\rarext.dll
2010-07-02 11:51 - 2010-07-02 11:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-02-09 19:01 - 2010-02-09 19:01 - 01712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-24 23:50 - 2011-05-24 23:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-08-06 17:05 - 2013-08-05 16:59 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-19 10:05 - 2010-05-19 10:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 10:05 - 2010-05-19 10:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 10:05 - 2010-05-19 10:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-01-17 16:19 - 2012-05-01 19:26 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-10-18 18:46 - 2013-10-18 18:46 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-10-13 18:01 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Max\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Max\AppData\Roaming:NT
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: ffdwnd => C:\Users\Max\AppData\Local\Mozilla\Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/13/2014 04:42:33 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/13/2014 11:35:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Name des fehlerhaften Moduls: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000016d5
ID des fehlerhaften Prozesses: 0x53c
Startzeit der fehlerhaften Anwendung: 0xHPWMISVC.exe0
Pfad der fehlerhaften Anwendung: HPWMISVC.exe1
Pfad des fehlerhaften Moduls: HPWMISVC.exe2
Berichtskennung: HPWMISVC.exe3
Error: (04/13/2014 02:32:16 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Name des fehlerhaften Moduls: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000016d5
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xHPWMISVC.exe0
Pfad der fehlerhaften Anwendung: HPWMISVC.exe1
Pfad des fehlerhaften Moduls: HPWMISVC.exe2
Berichtskennung: HPWMISVC.exe3
Error: (04/13/2014 02:10:32 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Name des fehlerhaften Moduls: HPWMISVC.exe, Version: 2.0.14.0, Zeitstempel: 0x4c175e63
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000016d5
ID des fehlerhaften Prozesses: 0xc1c
Startzeit der fehlerhaften Anwendung: 0xHPWMISVC.exe0
Pfad der fehlerhaften Anwendung: HPWMISVC.exe1
Pfad des fehlerhaften Moduls: HPWMISVC.exe2
Berichtskennung: HPWMISVC.exe3
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8523801
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8523801
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7239
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7239
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (04/14/2014 11:55:08 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/14/2014 11:54:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (04/14/2014 11:54:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (04/13/2014 04:32:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/13/2014 04:32:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (04/13/2014 04:32:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (04/13/2014 01:09:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/13/2014 01:09:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/13/2014 01:09:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/13/2014 01:09:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (04/13/2014 04:42:33 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/13/2014 11:35:24 AM) (Source: Application Error)(User: )
Description: HPWMISVC.exe2.0.14.04c175e63HPWMISVC.exe2.0.14.04c175e63c0000005000016d553c01cf56fb8435fd19C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeefb12952-c2ee-11e3-a4a1-002682b564ba
Error: (04/13/2014 02:32:16 AM) (Source: Application Error)(User: )
Description: HPWMISVC.exe2.0.14.04c175e63HPWMISVC.exe2.0.14.04c175e63c0000005000016d540c01cf56af8deaa857C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe0fb5a832-c2a3-11e3-b2d8-f3017fbf4af4
Error: (04/13/2014 02:10:32 AM) (Source: Application Error)(User: )
Description: HPWMISVC.exe2.0.14.04c175e63HPWMISVC.exe2.0.14.04c175e63c0000005000016d5c1c01cf56aca5f18507C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe069b1646-c2a0-11e3-a887-002682b564ba
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8523801
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8523801
Error: (04/13/2014 01:02:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7239
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7239
Error: (04/12/2014 10:41:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-04-14 11:54:14.269
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-14 11:54:14.175
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-14 11:54:13.005
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-14 11:54:12.912
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 16:32:23.899
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 16:32:23.774
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 16:32:23.524
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 16:32:23.384
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 13:08:36.525
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 13:08:36.405
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3893.86 MB
Available physical RAM: 2290.02 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5769.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:281.98 GB) (Free:7.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (LE_SAVE) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CB9E9924)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 983 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
15.04.2014, 10:34
| #6 |
| /// the machine /// TB-Ausbilder | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter hi, Scan mit Combofix
__________________ --> Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter |
|
15.04.2014, 11:19
| #7 |
| | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Hallo, habs wie beschrieben durchgeführt, gab auch keine Probleme. Log ist anbei. Kurze Frage am Rande: Kann ich schon wieder andere Programme wie z.B. Word oder Excel benutzen oder muss ich damit noch warten? Laptop bleibt weiterhin vom Internet getrennt! Viele Grüße Code:
ATTFilter ComboFix 14-04-12.01 - Max 15.04.2014 11:58:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3894.2303 [GMT 2:00]
ausgeführt von:: c:\users\Max\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\4.0
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-15 bis 2014-04-15 ))))))))))))))))))))))))))))))
.
.
2014-04-13 21:24 . 2014-04-14 09:58 -------- d-----w- C:\FRST
2014-04-12 09:06 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8FE383C-F4E5-470D-9CD2-273039EFFBC2}\mpengine.dll
2014-04-07 19:56 . 2014-04-07 19:56 0 ----a-w- c:\windows\SysWow64\sho7A23.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 16:31 . 2011-05-06 15:19 90655440 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CU1H1TS05RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 10:14 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 18:53]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 18:53]
.
2014-04-10 c:\windows\Tasks\HPCeeScheduleForMax.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3566709276-7339287-2280055418-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,f0,af,bc,fe,d3,d6,d4,4c,a4,74,4a,24,6b,16,71,6d,72,9d,02,87,
e8,2b,33,51,4f,68,c9,d0,7a,df,d3,dd,66,27,6e,9a,bf,b0,36,e2,df,f2,19,2d,73,\
"rkeysecu"=hex:72,a0,aa,7b,28,f0,a1,28,b2,e1,5a,91,f7,d0,95,0a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-15 12:13:52
ComboFix-quarantined-files.txt 2014-04-15 10:13
.
Vor Suchlauf: 7.622.983.680 Bytes frei
Nach Suchlauf: 8.757.788.672 Bytes frei
.
- - End Of File - - 77D20600DEDD130F6EF4C14C9E7114BC
|
|
16.04.2014, 10:05
| #8 |
| /// the machine /// TB-Ausbilder | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter die kannste nutzen  Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.04.2014, 12:52
| #9 |
| | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Hallo, anbei alle Dateien in genannter Reihenfolge Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 16.04.2014 13:00:18, SYSTEM, MAX-HP, Protection, Malware Protection, Starting, Protection, 16.04.2014 13:00:18, SYSTEM, MAX-HP, Protection, Malware Protection, Started, Protection, 16.04.2014 13:00:18, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Starting, Protection, 16.04.2014 13:00:19, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Started, Update, 16.04.2014 13:02:16, SYSTEM, MAX-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, Update, 16.04.2014 13:02:41, SYSTEM, MAX-HP, Manual, Malware Database, 2014.3.4.9, 2014.4.16.4, Protection, 16.04.2014 13:02:42, SYSTEM, MAX-HP, Protection, Refresh, Starting, Protection, 16.04.2014 13:02:42, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Stopping, Protection, 16.04.2014 13:02:42, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Stopped, Protection, 16.04.2014 13:02:46, SYSTEM, MAX-HP, Protection, Refresh, Success, Protection, 16.04.2014 13:02:46, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Starting, Protection, 16.04.2014 13:02:46, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Started, Update, 16.04.2014 13:15:52, SYSTEM, MAX-HP, Scheduler, Malware Database, 2014.4.16.4, 2014.4.16.5, Protection, 16.04.2014 13:15:53, SYSTEM, MAX-HP, Protection, Refresh, Starting, Protection, 16.04.2014 13:15:53, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Stopping, Protection, 16.04.2014 13:15:53, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Stopped, Protection, 16.04.2014 13:16:35, SYSTEM, MAX-HP, Protection, Refresh, Success, Protection, 16.04.2014 13:16:35, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Starting, Protection, 16.04.2014 13:16:36, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Started, Protection, 16.04.2014 13:27:01, SYSTEM, MAX-HP, Protection, Malware Protection, Starting, Protection, 16.04.2014 13:27:02, SYSTEM, MAX-HP, Protection, Malware Protection, Started, Protection, 16.04.2014 13:27:03, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Starting, Protection, 16.04.2014 13:27:11, SYSTEM, MAX-HP, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 13:33:54
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Max - MAX-HP
# Gestartet von : C:\Users\Max\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Max\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Max\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Conduit
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\ConduitEngine
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\CT2269050
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\engine@conduit.com
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hydrogen_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hydrogen_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mumble_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mumble_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6801AC3B-079F-4383-9EED-4687150A0A18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6801AC3B-079F-4383-9EED-4687150A0A18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57129A6-F9BF-45A0-99B5-3BEA7A391108}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD821224-DA68-401B-9A83-4F8747572295}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3C6EA77-73B1-4636-B1FA-E1271ABE157B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.17267
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v20.0.1 (de)
[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\prefs.js ]
Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.AppTrackingLastCheckTime", "Sat Nov 12 2011 22:51:10 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.CT2269050", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "13-11-2011");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Oct 07 2011 18:48:31 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Nov 12 2011 22:50:57 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "7-4-2011");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationId", "StubInstaller");
Zeile gelöscht : user_pref("CT2269050.InstallationType", "ConduitIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Fri Apr 08 2011 01:12:10 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.3.3.2", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.8.0.8");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://start.icq.com/");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Nov 12 2011 22:50:57 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Sat Nov 12 2011 22:50:57 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Nov 12 2011 22:50:57 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1320849064");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Nov 02 2011 18:32:27 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Zeile gelöscht : user_pref("CT2269050.UserID", "UN44800083349677409");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.approveUntrustedApps", true);
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "2423");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F71727171707170");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737577787777767776242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C534A553864656E5A435C4B5E5[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6F3A696B4140716E7A70467577207C4D4A4A254F2452522A56562526555B5A58285F295F");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6F6E6E696C7142757A474345767B7B7D774D787C52");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F7172717170726F73727A");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,129466585399606892,129391330693125668,129466585396013141,129121052374999726,129023235807856892,1000082,129351672002618989,1293[...]
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Apr 07 2011 17:16:39 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1313041456\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "QmycQXJXVyFVAzIiNllWhQ==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"6a637346d78ccc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"56fe0d15406c7b69464328b19c048ede\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=CT2269050", "\"1320849065\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1311170367\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_726fc1eb", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 11 2012 12:20:19 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", true);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Sep 09 2012 19:36:35 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Sep 09 2012 19:36:27 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "b4e4ff49-dcfc-4bf2-9323-880cf1547dbe");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "3c598f29-80dc-471c-ad39-f85c3a6fc906");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Sep 05 2012 11:11:49 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Nov 11 2011 17:18:44 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/07/2011 18");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Thu Apr 07 2011 17:16:39 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Nov 12 2011 22:50:59 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN15837399506103444");
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Nov 12 2011 22:50:58 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Nov 12 2011 22:50:59 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("extensions.enabledItems", "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9,engine@conduit.com:3.3.3.2,{872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.[...]
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1346836285);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "kesha%20nude||fresh%20prince%20of%20bel%20air||ozzy%20osborne||x%20diaries%20br%C3%BCste||x%20diaries||x%20diaries%20oben%20ohne");
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1301864227");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.18");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "130184690713018465881301864227681");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1347212187);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.1.9");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6pcak0vz.default\prefs.js ]
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [37096 octets] - [16/04/2014 13:31:40]
AdwCleaner[S0].txt - [34540 octets] - [16/04/2014 13:33:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34601 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Max on 16.04.2014 at 13:38:43,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C5B6162-D957-49D4-9106-9B2DA73FD0F0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3C5B6162-D957-49D4-9106-9B2DA73FD0F0}
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho3BA0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5AD1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7A23.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7B4E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9019.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9029.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB929.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD873.tmp
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\jmhzq83h.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 13:46:20,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by Max (administrator) on MAX-HP on 16-04-2014 13:47:40 Running from C:\Users\Max\Desktop Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [161304 2010-06-22] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [386584 2010-06-22] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [414744 2010-06-22] (Intel Corporation) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-11] (Google Inc.) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {3C5B6162-D957-49D4-9106-9B2DA73FD0F0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - DefaultScope {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505 SearchScopes: HKCU - {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505 SearchScopes: HKCU - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default FF DefaultSearchEngine: ICQ Search FF SelectedSearchEngine: Wikipedia (de) FF NetworkProxy: "type", 0 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-05-02] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-23] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (McAfee Security Scan+) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25] CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Max\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-18] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-15] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-15] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-24] () U3 ap7fac27; C:\Windows\System32\Drivers\ap7fac27.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 13:47 - 2014-04-16 13:47 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion 2014-04-16 13:46 - 2014-04-16 13:46 - 00001543 _____ () C:\Users\Max\Desktop\JRT.txt 2014-04-16 13:38 - 2014-04-16 13:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:37 - 2014-04-16 12:57 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe 2014-04-16 13:36 - 2014-04-16 13:36 - 00034682 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt 2014-04-16 13:31 - 2014-04-16 13:34 - 00000000 ____D () C:\AdwCleaner 2014-04-16 13:31 - 2014-04-16 12:56 - 01426178 _____ () C:\Users\Max\Desktop\adwcleaner.exe 2014-04-16 13:30 - 2014-04-16 13:30 - 00002285 _____ () C:\Users\Max\Desktop\mbam.txt 2014-04-16 13:00 - 2014-04-16 13:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 13:00 - 2014-04-16 13:00 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 13:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 13:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 13:00 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-16 12:59 - 2014-04-16 12:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-15 12:15 - 2014-04-15 12:15 - 00020409 _____ () C:\Users\Max\Desktop\combofix.txt 2014-04-15 12:13 - 2014-04-15 12:13 - 00020409 _____ () C:\ComboFix.txt 2014-04-15 11:55 - 2014-04-15 12:13 - 00000000 ____D () C:\Qoobox 2014-04-15 11:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-15 11:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-15 11:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-15 11:54 - 2014-04-15 12:08 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 11:53 - 2014-04-15 11:50 - 05194807 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe 2014-04-14 11:58 - 2014-04-14 11:58 - 00059362 _____ () C:\Users\Max\Desktop\Addition.txt 2014-04-14 11:57 - 2014-04-16 13:47 - 02054144 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe 2014-04-14 11:57 - 2014-04-16 13:47 - 00023353 _____ () C:\Users\Max\Desktop\FRST.txt 2014-04-13 23:24 - 2014-04-16 13:47 - 00000000 ____D () C:\FRST 2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url 2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url ==================== One Month Modified Files and Folders ======= 2014-04-16 13:47 - 2014-04-16 13:47 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion 2014-04-16 13:47 - 2014-04-14 11:57 - 02054144 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe 2014-04-16 13:47 - 2014-04-14 11:57 - 00023353 _____ () C:\Users\Max\Desktop\FRST.txt 2014-04-16 13:47 - 2014-04-13 23:24 - 00000000 ____D () C:\FRST 2014-04-16 13:46 - 2014-04-16 13:46 - 00001543 _____ () C:\Users\Max\Desktop\JRT.txt 2014-04-16 13:44 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 13:44 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 13:38 - 2014-04-16 13:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:38 - 2014-04-16 13:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 13:36 - 2014-04-16 13:36 - 00034682 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt 2014-04-16 13:36 - 2012-10-11 20:53 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 13:35 - 2010-10-13 17:58 - 01841499 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 13:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 13:35 - 2009-07-14 06:51 - 00227700 _____ () C:\Windows\setupact.log 2014-04-16 13:34 - 2014-04-16 13:31 - 00000000 ____D () C:\AdwCleaner 2014-04-16 13:30 - 2014-04-16 13:30 - 00002285 _____ () C:\Users\Max\Desktop\mbam.txt 2014-04-16 13:20 - 2012-10-11 20:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 13:01 - 2010-07-20 23:46 - 00697550 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 13:01 - 2010-07-20 23:46 - 00148556 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 13:01 - 2009-07-14 07:13 - 01614964 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 13:00 - 2014-04-16 13:00 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 12:57 - 2014-04-16 13:37 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe 2014-04-16 12:56 - 2014-04-16 13:31 - 01426178 _____ () C:\Users\Max\Desktop\adwcleaner.exe 2014-04-16 12:55 - 2014-04-16 12:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-16 12:52 - 2010-12-21 14:24 - 00359354 _____ () C:\Windows\PFRO.log 2014-04-15 12:15 - 2014-04-15 12:15 - 00020409 _____ () C:\Users\Max\Desktop\combofix.txt 2014-04-15 12:13 - 2014-04-15 12:13 - 00020409 _____ () C:\ComboFix.txt 2014-04-15 12:13 - 2014-04-15 11:55 - 00000000 ____D () C:\Qoobox 2014-04-15 12:08 - 2014-04-15 11:54 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 12:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-15 12:06 - 2010-12-21 14:28 - 00000000 ____D () C:\Users\Max 2014-04-15 11:50 - 2014-04-15 11:53 - 05194807 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe 2014-04-14 11:58 - 2014-04-14 11:58 - 00059362 _____ () C:\Users\Max\Desktop\Addition.txt 2014-04-14 00:55 - 2010-12-21 14:33 - 00000000 ___RD () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-13 01:53 - 2012-06-17 14:13 - 00000000 ____D () C:\ProgramData\Origin 2014-04-13 01:46 - 2013-03-28 14:59 - 00000000 ____D () C:\Users\Max\Documents\FIFA 13 2014-04-13 01:03 - 2011-04-07 21:20 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Mumble 2014-04-12 21:49 - 2012-06-17 14:13 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-12 12:18 - 2012-10-11 20:56 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-10 20:11 - 2011-07-21 17:19 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMax 2014-04-10 20:11 - 2011-07-21 17:19 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMax.job 2014-04-09 18:34 - 2013-04-07 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 18:33 - 2013-08-07 18:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 18:31 - 2011-05-06 17:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 20:32 - 2011-02-07 13:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-05 14:57 - 2010-12-26 22:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url 2014-04-03 09:51 - 2014-04-16 13:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 13:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 13:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 21:57 - 2010-12-22 19:54 - 00000000 ____D () C:\Users\Max\AppData\Local\CrashDumps 2014-03-30 02:56 - 2012-10-11 20:53 - 00000000 ____D () C:\Users\Max\AppData\Local\Google 2014-03-30 02:15 - 2012-10-11 20:53 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-30 02:15 - 2012-10-11 20:53 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-29 18:40 - 2013-07-06 13:35 - 00000000 ____D () C:\Users\Max\Documents\My Games 2014-03-29 18:40 - 2010-07-20 14:20 - 00332559 _____ () C:\Windows\DirectX.log 2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url 2014-03-24 18:59 - 2012-08-23 16:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\HpUpdate 2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Origin 2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Origin 2014-03-18 20:29 - 2011-04-06 20:36 - 00000000 ____D () C:\Users\Max\AppData\Roaming\.minecraft Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-01 18:43 ==================== End Of Log ============================ --- --- --- |
|
17.04.2014, 10:00
| #10 |
| /// the machine /// TB-Ausbilder | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunterESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.04.2014, 11:40
| #11 |
| | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Moin, Probleme hab ich eigentlich schon länger nicht mehr, ich weiß daher nicht ob noch weitere Schritte notwendig sind. Anbei -wie zuvor- die gewünschten Logs. VG Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c339ec5cfe7aed4baf6695bf586581b1
# engine=17937
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-18 10:28:46
# local_time=2014-04-18 12:28:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 94 8066 168488231 53330 0
# compatibility_mode=5893 16776573 100 94 168112 149446776 0 0
# scanned=370022
# found=1
# cleaned=0
# scan_time=7400
sh=8B45492BEA018EB43481F9DF393DE7CCCB050555 ft=1 fh=f8eae07a49b8c689 vn="a variant of Win32/Kryptik.BZRY trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\2992199F9A\ywvjryk.cpp.xBAD"
Code:
ATTFilter Results of screen317's Security Check version 0.99.81 Windows 7 x64 (UAC is disabled!) Out of date service pack!! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java(TM) 6 Update 33 Java 7 Update 13 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 20.0.1 Firefox out of Date! Google Chrome 33.0.1750.154 Google Chrome 34.0.1847.116 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01 Ran by Max (administrator) on MAX-HP on 18-04-2014 12:36:14 Running from C:\Users\Max\Desktop Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-11] (Google Inc.) HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3566709276-7339287-2280055418-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {3C5B6162-D957-49D4-9106-9B2DA73FD0F0} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - DefaultScope {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505 SearchScopes: HKCU - {69AF4F20-24D3-4581-8547-03CB2E70DE1F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE505 SearchScopes: HKCU - {76AFE0DB-0DF5-40C1-865D-5EA136F32395} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default FF DefaultSearchEngine: ICQ Search FF SelectedSearchEngine: Wikipedia (de) FF NetworkProxy: "type", 0 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\jmhzq83h.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-05-02] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-23] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (McAfee Security Scan+) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25] CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Max\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-18] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-06-15] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-06-15] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-24] () U3 aui46neg; C:\Windows\System32\Drivers\aui46neg.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-18 12:32 - 2014-04-18 10:18 - 00987448 _____ () C:\Users\Max\Desktop\SecurityCheck.exe 2014-04-18 10:19 - 2014-04-17 17:44 - 02347384 _____ (ESET) C:\Users\Max\Desktop\esetsmartinstaller_enu.exe 2014-04-16 13:47 - 2014-04-18 12:36 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion 2014-04-16 13:46 - 2014-04-16 13:46 - 00001543 _____ () C:\Users\Max\Desktop\JRT.txt 2014-04-16 13:38 - 2014-04-16 13:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:37 - 2014-04-16 12:57 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe 2014-04-16 13:36 - 2014-04-16 13:36 - 00034682 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt 2014-04-16 13:31 - 2014-04-16 13:34 - 00000000 ____D () C:\AdwCleaner 2014-04-16 13:31 - 2014-04-16 12:56 - 01426178 _____ () C:\Users\Max\Desktop\adwcleaner.exe 2014-04-16 13:30 - 2014-04-16 13:30 - 00002285 _____ () C:\Users\Max\Desktop\mbam.txt 2014-04-16 13:00 - 2014-04-18 10:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 13:00 - 2014-04-16 13:00 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 13:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 13:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 13:00 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-16 12:59 - 2014-04-16 12:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-15 12:15 - 2014-04-15 12:15 - 00020409 _____ () C:\Users\Max\Desktop\combofix.txt 2014-04-15 12:13 - 2014-04-15 12:13 - 00020409 _____ () C:\ComboFix.txt 2014-04-15 11:55 - 2014-04-15 12:13 - 00000000 ____D () C:\Qoobox 2014-04-15 11:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-15 11:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-15 11:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-15 11:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-15 11:54 - 2014-04-15 12:08 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 11:53 - 2014-04-15 11:50 - 05194807 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe 2014-04-14 11:58 - 2014-04-14 11:58 - 00059362 _____ () C:\Users\Max\Desktop\Addition.txt 2014-04-14 11:57 - 2014-04-18 12:36 - 02158592 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe 2014-04-14 11:57 - 2014-04-18 12:36 - 00023271 _____ () C:\Users\Max\Desktop\FRST.txt 2014-04-13 23:24 - 2014-04-18 12:36 - 00000000 ____D () C:\FRST 2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url 2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url ==================== One Month Modified Files and Folders ======= 2014-04-18 12:36 - 2014-04-16 13:47 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion 2014-04-18 12:36 - 2014-04-14 11:57 - 02158592 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe 2014-04-18 12:36 - 2014-04-14 11:57 - 00023271 _____ () C:\Users\Max\Desktop\FRST.txt 2014-04-18 12:36 - 2014-04-13 23:24 - 00000000 ____D () C:\FRST 2014-04-18 12:30 - 2010-10-13 17:58 - 01893283 _____ () C:\Windows\WindowsUpdate.log 2014-04-18 12:20 - 2012-10-11 20:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-18 10:51 - 2014-04-16 13:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-18 10:23 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-18 10:23 - 2009-07-14 06:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-18 10:18 - 2014-04-18 12:32 - 00987448 _____ () C:\Users\Max\Desktop\SecurityCheck.exe 2014-04-18 10:14 - 2012-10-11 20:53 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-18 10:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-18 10:14 - 2009-07-14 06:51 - 00228092 _____ () C:\Windows\setupact.log 2014-04-18 00:03 - 2012-06-17 14:13 - 00000000 ____D () C:\ProgramData\Origin 2014-04-18 00:03 - 2011-04-07 21:20 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Mumble 2014-04-17 20:44 - 2013-03-28 14:59 - 00000000 ____D () C:\Users\Max\Documents\FIFA 13 2014-04-17 17:44 - 2014-04-18 10:19 - 02347384 _____ (ESET) C:\Users\Max\Desktop\esetsmartinstaller_enu.exe 2014-04-17 17:00 - 2012-06-17 14:13 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-16 13:46 - 2014-04-16 13:46 - 00001543 _____ () C:\Users\Max\Desktop\JRT.txt 2014-04-16 13:38 - 2014-04-16 13:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:36 - 2014-04-16 13:36 - 00034682 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt 2014-04-16 13:34 - 2014-04-16 13:31 - 00000000 ____D () C:\AdwCleaner 2014-04-16 13:33 - 2011-04-03 20:49 - 00000000 ____D () C:\ProgramData\ICQ 2014-04-16 13:30 - 2014-04-16 13:30 - 00002285 _____ () C:\Users\Max\Desktop\mbam.txt 2014-04-16 13:01 - 2010-07-20 23:46 - 00697550 _____ () C:\Windows\system32\perfh007.dat 2014-04-16 13:01 - 2010-07-20 23:46 - 00148556 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 13:01 - 2009-07-14 07:13 - 01614964 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 13:00 - 2014-04-16 13:00 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:00 - 2014-04-16 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 12:57 - 2014-04-16 13:37 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe 2014-04-16 12:56 - 2014-04-16 13:31 - 01426178 _____ () C:\Users\Max\Desktop\adwcleaner.exe 2014-04-16 12:55 - 2014-04-16 12:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-16 12:52 - 2010-12-21 14:24 - 00359354 _____ () C:\Windows\PFRO.log 2014-04-15 12:15 - 2014-04-15 12:15 - 00020409 _____ () C:\Users\Max\Desktop\combofix.txt 2014-04-15 12:13 - 2014-04-15 12:13 - 00020409 _____ () C:\ComboFix.txt 2014-04-15 12:13 - 2014-04-15 11:55 - 00000000 ____D () C:\Qoobox 2014-04-15 12:08 - 2014-04-15 11:54 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 12:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-15 12:06 - 2010-12-21 14:28 - 00000000 ____D () C:\Users\Max 2014-04-15 11:50 - 2014-04-15 11:53 - 05194807 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe 2014-04-14 11:58 - 2014-04-14 11:58 - 00059362 _____ () C:\Users\Max\Desktop\Addition.txt 2014-04-14 00:55 - 2010-12-21 14:33 - 00000000 ___RD () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-12 12:18 - 2012-10-11 20:56 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-10 20:11 - 2011-07-21 17:19 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMax 2014-04-10 20:11 - 2011-07-21 17:19 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForMax.job 2014-04-09 18:34 - 2013-04-07 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 18:33 - 2013-08-07 18:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 18:31 - 2011-05-06 17:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 20:32 - 2011-02-07 13:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-05 14:57 - 2010-12-26 22:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-04-05 14:32 - 2014-04-05 14:32 - 00000198 _____ () C:\Users\Max\Desktop\Hitman Codename 47.url 2014-04-03 09:51 - 2014-04-16 13:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 13:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 13:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 21:57 - 2010-12-22 19:54 - 00000000 ____D () C:\Users\Max\AppData\Local\CrashDumps 2014-03-31 09:35 - 2011-03-05 20:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-30 02:56 - 2012-10-11 20:53 - 00000000 ____D () C:\Users\Max\AppData\Local\Google 2014-03-30 02:15 - 2012-10-11 20:53 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-30 02:15 - 2012-10-11 20:53 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-29 18:40 - 2013-07-06 13:35 - 00000000 ____D () C:\Users\Max\Documents\My Games 2014-03-29 18:40 - 2010-07-20 14:20 - 00332559 _____ () C:\Windows\DirectX.log 2014-03-27 21:43 - 2014-03-27 21:43 - 00000222 _____ () C:\Users\Max\Desktop\Betrayer.url 2014-03-24 18:59 - 2012-08-23 16:03 - 00000000 ____D () C:\Users\Max\AppData\Roaming\HpUpdate 2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Origin 2014-03-23 19:06 - 2012-06-17 14:13 - 00000000 ____D () C:\Users\Max\AppData\Local\Origin Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-01 18:43 ==================== End Of Log ============================ |
|
19.04.2014, 05:10
| #12 |
| /// the machine /// TB-Ausbilder | Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter Java, FLash, Adobe und Firefox updaten. Unbedingt Windows updaten, da fehlt ein ganzes Servicepack. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Bundesamt für Sicherheit-Trojaner - Abgsichter Modus fährt direkt wieder herunter |
| adobe, antivir, association, avg, avira, bootmgr, desktop, download, entfernen, explorer, google, gvu - trojaner - abgesicherter modus, home, igdpmd64.sys, launch, logfile, microsoft, netzwerk, officejet, opera, problem, realtek, registry, secure, security, services.exe, svchost.exe, symantec, system, temp, trojaner, usbvideo.sys, winlogon.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
