Trojaner-Board - Win Vista Advanced System Protector & RegClean Pro

Hallo,

auf dem Laptop einer Bekannten habe ich Advanced System Protector und RegClean Pro gefunden, außerdem ist er sehr langsam geworden.
Sollte ich das System lieber komplett neu aufsetzen oder gibt es eine Chance die Malware nachhaltig zu entfernen.
Falls ich nun ein Backup von den vorhandenen Daten erstelle und es später wieder auf den neu aufgesetzen Laptop spiele, würde ich dann die Malware mit überspielen?

Die Scans habe ich bereits gemacht, siehe Logs.
Vielen Dank vorab!

defogger_disable

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 22:48 on 16/08/2013 (Gabi)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013 01

Ran by Gabi (administrator) on 16-08-2013 23:01:27

Running from D:\Users\Gabi\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe

() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe

() C:\Program Files\XSManager\WTGService.exe

(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe

(Systweak) C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe

() C:\Program Files\ASUS\ASUS Live Update\ALU.exe

(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe

() C:\Program Files\ATKOSD2\ATKOSD2.exe

() C:\Program Files\Wireless Console 2\wcourier.exe

(ATK) C:\Program Files\P4G\BatteryLife.exe

(Systweak Inc) C:\Program Files\RegClean Pro\RegCleanPro.exe

(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe

(ASUSTeK) C:\Windows\System32\ACEngSvr.exe

() C:\Program Files\ATK Hotkey\ATKOSD.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(ASUS) C:\Windows\System32\ASUSTPE.exe

() C:\Windows\ASScrPro.exe

(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

() C:\Program Files\ATK Hotkey\KBFiltr.exe

(Ask) C:\Program Files\Ask.com\Updater\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Honest Technology) C:\Program Files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe

(Dropbox, Inc.) C:\Users\Gabi\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Facebook) C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe

(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe

(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMReminder.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

() C:\Program Files\Amazon Browser Bar\AmazonBrowserBarSSB.3.0.dll

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-02-15] (Realtek Semiconductor)

HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)

HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-22] (Synaptics, Inc.)

HKLM\...\Run: [ASUSTPE] - C:\Windows\system32\ASUSTPE.exe [106496 2006-12-13] (ASUS)

HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\ASScrProlog.exe [37232 2011-01-26] ()

HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2011-01-26] ()

HKLM\...\Run: [Zshutdown1] - c:\preload\patch\sysprep1.cmd [x]

HKLM\...\Run: [starter4g] - C:\Windows\starter4g.exe [157968 2009-06-17] (4G Systems GmbH & Co. KG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2012-10-28] (Sun Microsystems, Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKCU\...\Run: [Remote Control Editor] - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [Sony PC Companion] - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]

HKCU\...\Run: [Facebook Update] - C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)

HKCU\...\Run: [DriverTurbo] - C:\Program Files\DriverTurbo\DriverTurbo.exe [4803688 2013-04-09] ()

HKCU\...\Run: [PC Speed Maximizer] - C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [134456 2013-03-09] (Smart PC Solutions)

HKCU\...\RunOnce: [Application Restart #2] - C:\Program Files\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- hxxp://www.facebook.com/n/?dorothea.kerkhoff%2Fposts%2F171327733018616&from_close_friend=1&mid=7affe11G5af3b67ac70aGbfe0b6G79&bcode=1.1363542243.AbkPfNDEe0GkYEDQ&n_m=gabimathias%40arcor.de [846288 2013-07-25] (Google Inc.)

MountPoints2: G - G:\autorun.exe

MountPoints2: {43491e52-4678-11e0-948a-001d60d2c546} - I:\Startme.exe

MountPoints2: {5a2d03c0-2a44-11e0-865b-001d60d2c546} - F:\autorun.exe

MountPoints2: {c38b8f2f-4ffb-11e2-bfa6-001d60d2c546} - F:\install.bat

HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\honestech Audio Recorder 2.0 Deluxe Launcher.lnk

ShortcutTarget: honestech Audio Recorder 2.0 Deluxe Launcher.lnk -> C:\Program Files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Honest Technology)

Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Gabi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_2dd0f2b9d42e4cc8988dee811d308b7f_30_46_20130802_DE_ie_sp_

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com

SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_2dd0f2b9d42e4cc8988dee811d308b7f_30_46_20130802_DE_ie_ds_&query={searchTerms}

SearchScopes: HKCU - {63C02DDB-8C88-4ABF-A1B1-E8B44F6C6D26} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=

SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_2dd0f2b9d42e4cc8988dee811d308b7f_30_46_20130802_DE_ie_ds_&query={searchTerms}

SearchScopes: HKCU - {D4F12365-5A89-4622-B3FD-E6EEFD4DD8AB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=53af0453-94c5-48f4-a7a1-74c2063da324&apn_sauid=DBB92CA6-1D1F-4335-9D82-BAAAD90E2FEC

BHO: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files\LyriXeeker\125.dll (LyriXeeker Tech)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)

Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

Chrome: 

=======

CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_2dd0f2b9d42e4cc8988dee811d308b7f_30_46_20130802_DE_cr_sp_

CHR RestoreOnStartup: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_2dd0f2b9d42e4cc8988dee811d308b7f_30_46_20130802_DE_cr_sp_"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Desktop) - C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (YouTube) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0

CHR Extension: (LyricXeeker) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj\1.125_0

CHR Extension: (Amazon for Chrome) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0

CHR Extension: (Gmail) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files\LyriXeeker\125.crx
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)

R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)

S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)

R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()

R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2006-12-10] (Syntek America Inc.)

R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()

R2 WTGService; C:\Program Files\XSManager\WTGService.exe [304592 2009-06-22] ()

R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-03] (Avira Operations GmbH & Co. KG)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)

R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [18688 2006-12-28] ()

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )

S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [449408 2007-11-16] (DiBcom)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)

R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1324544 2007-01-19] (Syntek)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-16 22:48 - 2013-08-16 22:48 - 00000000 _____ C:\Users\Gabi\defogger_reenable

2013-08-16 22:46 - 2013-08-16 22:46 - 01069019 _____ (Farbar) D:\Users\Gabi\Desktop\FRST.exe

2013-08-16 22:46 - 2013-08-16 22:46 - 00377856 _____ D:\Users\Gabi\Desktop\gmer_2.1.19163.exe

2013-08-16 22:44 - 2013-08-16 22:44 - 00050477 _____ D:\Users\Gabi\Desktop\Defogger.exe

2013-08-15 22:14 - 2013-08-16 22:25 - 00001374 _____ D:\Users\Gabi\Desktop\Registry kostenlos entrümpeln!.lnk

2013-08-06 20:57 - 2013-08-06 20:57 - 00001005 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk

2013-08-06 20:57 - 2013-08-06 20:57 - 00000000 ____D C:\ProgramData\Systweak

2013-08-06 20:57 - 2013-08-06 20:57 - 00000000 ____D C:\Program Files\Advanced System Protector

2013-08-06 20:57 - 2012-07-25 12:03 - 00017136 _____ C:\Windows\system32\sasnative32.exe

2013-08-06 20:56 - 2013-08-08 15:20 - 00000270 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-08-06 20:56 - 2013-08-08 15:20 - 00000262 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-08-06 20:56 - 2013-08-08 15:20 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-06 20:56 - 2013-08-06 20:57 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Systweak

2013-08-06 20:56 - 2013-08-06 20:56 - 00000854 _____ C:\Users\Public\Desktop\RegClean Pro.lnk

2013-08-06 20:56 - 2013-08-06 20:56 - 00000789 _____ D:\Users\Gabi\Desktop\MyPC Backup.lnk

2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\Program Files\RegClean Pro

2013-08-06 20:56 - 2013-05-27 16:01 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe

2013-08-02 14:13 - 2013-08-02 14:13 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\PC Speed Maximizer

2013-08-02 13:46 - 2013-08-06 23:21 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc

2013-08-02 13:45 - 2013-08-02 13:45 - 00000866 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-02 13:45 - 2013-08-02 13:45 - 00000000 ____D C:\Program Files\VideoLAN

2013-08-02 13:44 - 2013-08-02 13:44 - 00000000 ____D C:\Users\Gabi\AppData\Local\Amazon Browser Bar

2013-08-02 13:44 - 2013-08-02 13:44 - 00000000 ____D C:\Program Files\Amazon

2013-08-02 13:43 - 2013-08-16 22:26 - 00000362 _____ C:\Windows\Tasks\LyricXeeker Update.job

2013-08-02 13:43 - 2013-08-02 13:44 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-08-02 13:43 - 2013-08-02 13:43 - 22657136 _____ D:\Users\Gabi\Documents\VLC_player_Setup [1].exe

2013-08-02 13:43 - 2013-08-02 13:43 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2572.dll

2013-08-02 13:43 - 2013-08-02 13:43 - 00000795 _____ D:\Users\Gabi\Desktop\PC Speed Maximizer.lnk

2013-08-02 13:43 - 2013-08-02 13:43 - 00000000 ____D C:\Program Files\PC Speed Maximizer

2013-08-02 13:43 - 2013-08-02 13:43 - 00000000 ____D C:\Program Files\LyriXeeker

2013-07-29 15:54 - 2013-07-29 15:54 - 00002080 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-07-29 15:48 - 2013-07-29 15:51 - 00000000 ____D C:\Windows\system32\MRT

2013-07-19 20:28 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-19 20:28 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-19 20:28 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-19 20:28 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-19 20:28 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-19 20:28 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-19 20:28 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-19 20:28 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-19 20:28 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-19 20:28 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-19 20:28 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-19 20:28 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-19 20:28 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-19 20:28 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-19 20:28 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-19 20:28 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-17 21:25 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-17 21:25 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-17 21:25 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-17 21:25 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-07-17 21:25 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-07-17 21:25 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-07-17 21:25 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-07-17 21:25 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-07-17 21:25 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-07-17 21:25 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-07-17 21:25 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-17 21:25 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
 

==================== One Month Modified Files and Folders =======
 

2013-08-16 22:52 - 2011-01-27 21:32 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-16 22:51 - 2011-01-26 04:48 - 01188658 _____ C:\Windows\WindowsUpdate.log

2013-08-16 22:50 - 2013-08-16 22:50 - 00000000 ____D C:\FRST

2013-08-16 22:48 - 2013-08-16 22:48 - 00000000 _____ C:\Users\Gabi\defogger_reenable

2013-08-16 22:48 - 2011-01-25 21:37 - 00000000 ____D C:\Users\Gabi

2013-08-16 22:46 - 2013-08-16 22:46 - 01069019 _____ (Farbar) D:\Users\Gabi\Desktop\FRST.exe

2013-08-16 22:46 - 2013-08-16 22:46 - 00377856 _____ D:\Users\Gabi\Desktop\gmer_2.1.19163.exe

2013-08-16 22:44 - 2013-08-16 22:44 - 00050477 _____ D:\Users\Gabi\Desktop\Defogger.exe

2013-08-16 22:40 - 2012-06-05 21:57 - 00000000 ___RD C:\Users\Gabi\Dropbox

2013-08-16 22:40 - 2012-06-05 21:51 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Dropbox

2013-08-16 22:26 - 2013-08-02 13:43 - 00000362 _____ C:\Windows\Tasks\LyricXeeker Update.job

2013-08-16 22:25 - 2013-08-15 22:14 - 00001374 _____ D:\Users\Gabi\Desktop\Registry kostenlos entrümpeln!.lnk

2013-08-16 22:25 - 2006-11-02 14:52 - 00065695 _____ C:\Windows\setupact.log

2013-08-16 22:24 - 2012-05-02 18:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-16 22:22 - 2011-01-27 21:32 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-16 22:22 - 2011-01-26 05:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe

2013-08-16 22:21 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-16 22:21 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-16 22:21 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-15 23:17 - 2007-04-18 10:33 - 00000012 _____ C:\Windows\bthservsdp.dat

2013-08-15 23:17 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-09 21:13 - 2012-07-08 21:03 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000UA.job

2013-08-08 15:20 - 2013-08-06 20:56 - 00000270 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-08-08 15:20 - 2013-08-06 20:56 - 00000262 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-08-08 15:20 - 2013-08-06 20:56 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-06 23:21 - 2013-08-02 13:46 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc

2013-08-06 20:57 - 2013-08-06 20:57 - 00001005 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk

2013-08-06 20:57 - 2013-08-06 20:57 - 00000000 ____D C:\ProgramData\Systweak

2013-08-06 20:57 - 2013-08-06 20:57 - 00000000 ____D C:\Program Files\Advanced System Protector

2013-08-06 20:57 - 2013-08-06 20:56 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Systweak

2013-08-06 20:56 - 2013-08-06 20:56 - 00000854 _____ C:\Users\Public\Desktop\RegClean Pro.lnk

2013-08-06 20:56 - 2013-08-06 20:56 - 00000789 _____ D:\Users\Gabi\Desktop\MyPC Backup.lnk

2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\Program Files\RegClean Pro

2013-08-05 00:13 - 2012-07-08 21:03 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000Core.job

2013-08-02 14:13 - 2013-08-02 14:13 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\PC Speed Maximizer

2013-08-02 13:55 - 2011-01-25 22:47 - 00159744 _____ C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-02 13:45 - 2013-08-02 13:45 - 00000866 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-02 13:45 - 2013-08-02 13:45 - 00000000 ____D C:\Program Files\VideoLAN

2013-08-02 13:44 - 2013-08-02 13:44 - 00000000 ____D C:\Users\Gabi\AppData\Local\Amazon Browser Bar

2013-08-02 13:44 - 2013-08-02 13:44 - 00000000 ____D C:\Program Files\Amazon

2013-08-02 13:44 - 2013-08-02 13:43 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-08-02 13:43 - 2013-08-02 13:43 - 22657136 _____ D:\Users\Gabi\Documents\VLC_player_Setup [1].exe

2013-08-02 13:43 - 2013-08-02 13:43 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2572.dll

2013-08-02 13:43 - 2013-08-02 13:43 - 00000795 _____ D:\Users\Gabi\Desktop\PC Speed Maximizer.lnk

2013-08-02 13:43 - 2013-08-02 13:43 - 00000000 ____D C:\Program Files\PC Speed Maximizer

2013-08-02 13:43 - 2013-08-02 13:43 - 00000000 ____D C:\Program Files\LyriXeeker

2013-08-02 13:43 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public

2013-07-29 19:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-07-29 18:52 - 2006-11-02 12:33 - 01445116 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-29 15:54 - 2013-07-29 15:54 - 00002080 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-07-29 15:54 - 2011-01-27 21:32 - 00000000 ____D C:\Program Files\Google

2013-07-29 15:51 - 2013-07-29 15:48 - 00000000 ____D C:\Windows\system32\MRT

2013-07-19 21:00 - 2006-11-02 14:47 - 00374088 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-19 20:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer

2013-07-19 20:14 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-16 22:26
 

==================== End Of Log ============================

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-08-2013 01

Ran by Gabi at 2013-08-16 23:03:15

Running from D:\Users\Gabi\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)

Advanced System Protector (Version: 2.1.1000.10905)

Amazon Browser Bar (Version: 3.0)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Ask Toolbar (Version: 1.15.18.0)

ASUS InstantFun (Version: 1.0.0014)

ASUS Live Update (Version: 2.5.1)

ASUS Splendid Video Enhancement Technology (Version: 1.02.15)

ASUS Touch Pad Extra

Asus_Camera_ScreenSaver (Version: 2.0.0005)

Atheros Driver Installation Program (Version: 7.1)

ATI Catalyst Install Manager (Version: 3.0.641.0)

ATI Uninstaller

ATK Hotkey (Version: 1.00.0012)

ATK Media

ATKOSD2 (Version: 6.64.1.4)

Avira Free Antivirus (Version: 13.0.0.3885)

Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.4.37268)

Bonjour (Version: 3.0.0.10)

Catalyst Control Center Core Implementation (Version: 2007.0316.2332.40221)

Catalyst Control Center Graphics Full Existing (Version: 2007.0316.2332.40221)

Catalyst Control Center Graphics Full New (Version: 2007.0316.2332.40221)

Catalyst Control Center Graphics Light (Version: 2007.0316.2332.40221)

Catalyst Control Center Graphics Previews Common (Version: 2007.0316.2332.40221)

Catalyst Control Center Graphics Previews Vista (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Chinese Standard (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Czech (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Danish (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Dutch (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Finnish (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization French (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization German (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Greek (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Hungarian (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Italian (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Japanese (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Korean (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Norwegian (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Polish (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Portuguese (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Russian (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Spanish (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Swedish (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Thai (Version: 2007.0316.2332.40221)

Catalyst Control Center Localization Turkish (Version: 2007.0316.2332.40221)

CCC Help Chinese Standard (Version: 2007.0316.2331.40221)

CCC Help Chinese Traditional (Version: 2007.0316.2331.40221)

CCC Help Czech (Version: 2007.0316.2331.40221)

CCC Help Danish (Version: 2007.0316.2331.40221)

CCC Help Dutch (Version: 2007.0316.2331.40221)

CCC Help English (Version: 2007.0316.2331.40221)

CCC Help Finnish (Version: 2007.0316.2331.40221)

CCC Help French (Version: 2007.0316.2331.40221)

CCC Help German (Version: 2007.0316.2331.40221)

CCC Help Greek (Version: 2007.0316.2331.40221)

CCC Help Hungarian (Version: 2007.0316.2331.40221)

CCC Help Italian (Version: 2007.0316.2331.40221)

CCC Help Japanese (Version: 2007.0316.2331.40221)

CCC Help Korean (Version: 2007.0316.2331.40221)

CCC Help Norwegian (Version: 2007.0316.2331.40221)

CCC Help Polish (Version: 2007.0316.2331.40221)

CCC Help Portuguese (Version: 2007.0316.2331.40221)

CCC Help Russian (Version: 2007.0316.2331.40221)

CCC Help Spanish (Version: 2007.0316.2331.40221)

CCC Help Swedish (Version: 2007.0316.2331.40221)

CCC Help Thai (Version: 2007.0316.2331.40221)

CCC Help Turkish (Version: 2007.0316.2331.40221)

ccc-Branding (Version: 1.00.0000)

ccc-core-static (Version: 2007.0316.2332.40221)

ccc-utility (Version: 2007.0316.2332.40221)

DriverTurbo (Version: 3.0.0)

Dropbox (HKCU Version: 2.0.22)

Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0)

Gehirnjogging 5 (Version: 1.1)

Google Chrome (Version: 28.0.1500.95)

Google Earth (Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)

Google Update Helper (Version: 1.3.21.153)

honestech Audio Recorder 2.0 Deluxe (Version: 2.0)

iTunes (Version: 11.0.2.26)

Java(TM) 6 Update 12 (Version: 6.0.120)

Kakuro 25.000 Edition v2.0 (Version: 2.0)

KODAK Create@Home Software (für dm) (Version: 7.3.4392)

LifeFrame2 (Version: 2.0.14)

LyricXeeker

Media Go (Version: 1.5.312)

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000)

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)

Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000)

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000)

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MyPC Backup  (Version: )

NB Probe

PC Speed Maximizer v3.1 (Version: 3.1)

PlayStation(R)Network Downloader (Version: 2.03.00126)

PlayStation(R)Store (Version: 3.2.11.09227)

Power4Gear eXtreme (Version: 1.00.0011)

QuickTime (Version: 7.73.80.64)

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek High Definition Audio Driver (Version: 6.0.1.5374)

Realtek USB 2.0 Card Reader (Version: )

RegClean Pro (Version: 6.21)

Skins (Version: 2007.0316.2332.40221)

Skype Click to Call (Version: 6.3.11079)

Skype™ 5.10 (Version: 5.10.116)

Sony PC Companion 2.10.108 (Version: 2.10.108)

Synaptics Pointing Device Driver (Version: 9.1.5.0)

TerraTec Home Cinema (Version: 6.15.11)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

USB2.0 1.3M WebCam

VLC media player 2.0.2 (Version: 2.0.2)

WinFlash

Wireless Console 2 (Version: 2.0.8)

XSManager (Version: 3.0)

 
 

==================== Restore Points  =========================
 

04-07-2013 19:52:00 Geplanter Prüfpunkt

19-07-2013 18:11:59 Windows Update

29-07-2013 13:36:43 Windows Update

06-08-2013 18:59:25 RegClean Pro Di, Aug 06, 13  20:59

16-08-2013 20:27:26 Windows Update
 

==================== Hosts content: ==========================
 

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {07DA2D3D-C9B8-4967-BED4-9EE6891A3CA4} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-27] (Systweak Inc)

Task: {16405C05-6FA4-41D9-B46A-5EABDC6DA95A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000Core => C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)

Task: {1AE70078-2C7F-4492-AE68-1B03BDBBED60} - System32\Tasks\LyricXeeker Update => C:\Program Files\LyriXeeker\LyriXupdate.exe [2013-07-27] (LyriXeeker Tech)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {210101BB-3B90-4113-A769-DBC08444D2AB} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak)

Task: {31AE4BC2-BE63-4564-867B-D6A6E7BB74F9} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-27] (Systweak Inc)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {405DBCFC-8381-4CD0-BBCB-D1BA9F966F06} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] ()

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {627238A5-C2E6-4D37-A3AE-90A4F243C818} - System32\Tasks\User_Feed_Synchronization-{43E4CAF3-4546-4E16-A9CB-D37A85C17455} => C:\Windows\system32\msfeedssync.exe [2012-05-06] (Microsoft Corporation)

Task: {64F8AD4D-9D2D-4510-B991-8A3FDBF9502C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2011-01-26] (Microsoft Corporation)

Task: {80D08BCD-D12D-42F4-A553-27559A85CF35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-27] (Google Inc.)

Task: {85D6FAC9-071A-463E-8DF4-4E3C641A089C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30] (Adobe Systems Incorporated)

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)

Task: {AA2A77DC-BBAF-45BF-A219-483833178386} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000UA => C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)

Task: {C5447497-D6CD-48C9-8D8A-A80F64B704F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)

Task: {C94CB566-7930-41D9-B0CB-082CC2FA0437} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gabi => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

Task: {C95C54BA-F07B-46B7-A0F5-CBCEC6B2EE92} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-27] (Systweak Inc)

Task: {D1D24C99-80BF-4008-877A-D47F2E1A011A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-27] (Google Inc.)

Task: {D5C50808-EB0C-4826-A7F3-9B244FE5C252} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)

Task: {DE74487C-709B-4EA9-B7B9-C47F40D03B90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E12F597B-FC56-4151-862E-FD5EA6252CA7} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-02-09] ()

Task: {E4D357A1-F52E-45FC-B78F-7C21D2B81D92} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-01-26] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000Core.job => C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000UA.job => C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files\LyriXeeker\LyriXupdate.exe

Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe

Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/16/2013 10:42:16 PM) (Source: Application Hang) (User: )

Description: Programm iexplore.exe, Version 9.0.8112.16496 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.

Prozess-ID: 125c

Anfangszeit: 01ce9ac0d7a4f29c

Zeitpunkt der Beendigung: 47
 

Error: (08/06/2013 11:26:10 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (08/06/2013 08:59:16 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {68729f22-429d-460b-ae17-e0595190e275}
 

Error: (08/06/2013 08:38:22 PM) (Source: Application Hang) (User: )

Description: Programm iexplore.exe, Version 9.0.8112.16496 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.

Prozess-ID: ed8

Anfangszeit: 01ce92d3e55d5baf

Zeitpunkt der Beendigung: 29
 

Error: (08/04/2013 06:53:03 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)

Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)
 

Error: (08/02/2013 03:53:51 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (07/29/2013 03:59:10 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (07/26/2013 01:45:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)

Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)
 

Error: (07/23/2013 10:35:25 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 

Error: (07/22/2013 11:20:05 PM) (Source: EventSystem) (User: )

Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
 

System errors:

=============

Error: (08/16/2013 10:37:19 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/16/2013 10:35:30 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/16/2013 10:33:19 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/16/2013 10:28:43 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/16/2013 10:27:20 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/16/2013 10:26:00 PM) (Source: Application Popup) (User: )

Description: {Vorgang fehlgeschlagen}

Der Vorgang konnte nicht durchgeführt werden.
 

Error: (08/15/2013 11:16:54 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (08/15/2013 10:18:28 PM) (Source: Dhcp) (User: )

Description: Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse 0015AF42E068 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
 

Error: (08/09/2013 09:29:45 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 

Error: (08/08/2013 03:56:24 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 

Microsoft Office Sessions:

=========================

Error: (02/15/2011 02:38:27 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2012-12-24 11:50:03.784

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-12-24 11:50:03.288

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-05-02 18:44:04.246

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-05-02 18:44:04.011

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-05-02 18:44:03.808

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-05-02 18:44:03.605

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-05-02 18:44:03.402

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-01-12 21:26:53.500

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-01-12 21:26:53.259

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2011-02-20 16:47:16.350

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 76%

Total physical RAM: 2046.54 MB

Available physical RAM: 471.86 MB

Total Pagefile: 4348.35 MB

Available Pagefile: 2303.22 MB

Total Virtual: 2047.88 MB

Available Virtual: 1938.48 MB
 

==================== Drives ================================
 

Drive c: (VistaOS) (Fixed) (Total:67.07 GB) (Free:21.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:44.71 GB) (Free:19.89 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 762D7019)

Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

Gmer

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-08-16 23:38:20

Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9120822AS rev.3.ALC 111,79GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtdqpod.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            89C37D06                                                                                         ZwCreateSection

SSDT            89C37D10                                                                                         ZwRequestWaitReplyPort

SSDT            89C37D0B                                                                                         ZwSetContextThread

SSDT            89C37D15                                                                                         ZwSetSecurityObject

SSDT            89C37D1A                                                                                         ZwSystemDebugControl

SSDT            89C37CA7                                                                                         ZwTerminateProcess
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    820B77E0 4 Bytes  [06, 7D, C3, 89]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                    820B7B04 4 Bytes  [10, 7D, C3, 89]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    820B7B38 4 Bytes  [0B, 7D, C3, 89]

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                    820B7B9C 4 Bytes  [15, 7D, C3, 89]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                    820B7BE4 4 Bytes  [1A, 7D, C3, 89]

.text           ...                                                                                              
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                      

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)  
 

---- EOF - GMER 2.1 ----

Erstmal vielen Dank für die superschnelle Hilfe.
Das hört sich zum Glück ja doch nicht so schlimm an wie ich erst befürchtet habe.
Ich habe alle Programme deinstalliert und die Schritte ausgeführt. Anbei die Logs:

AdwCleaner

Code:

# AdwCleaner v2.306 - Datei am 17/08/2013 um 11:03:52 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : Gabi - GABI-PC

# Bootmodus : Normal

# Ausgeführt unter : D:\Users\Gabi\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Windows\system32\roboot.exe

Ordner Gelöscht : C:\Program Files\Ask.com

Ordner Gelöscht : C:\Users\Gabi\AppData\Local\APN

Ordner Gelöscht : C:\Users\Gabi\AppData\Local\AskToolbar

Ordner Gelöscht : C:\Users\Gabi\AppData\Local\Temp\AskSearch

Ordner Gelöscht : C:\Users\Gabi\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Alexa Internet

Schlüssel Gelöscht : HKCU\Software\APN

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\Ask.com

Schlüssel Gelöscht : HKCU\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Schlüssel Gelöscht : HKLM\Software\APN

Schlüssel Gelöscht : HKLM\Software\AskToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Schlüssel Gelöscht : HKLM\Software\systweak

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16502
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v28.0.1500.95
 

Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gelöscht [l.2164] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
 

*************************
 

AdwCleaner[S1].txt - [20028 octets] - [17/08/2013 11:03:52]
 

########## EOF - C:\AdwCleaner[S1].txt - [20089 octets] ##########

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2013 01

Ran by Gabi (administrator) on 17-08-2013 11:11:04

Running from D:\Users\Gabi\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

() C:\Program Files\ASUS\ASUS Live Update\ALU.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe

(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe

() C:\Program Files\ATKOSD2\ATKOSD2.exe

() C:\Program Files\XSManager\WTGService.exe

() C:\Program Files\Wireless Console 2\wcourier.exe

(ATK) C:\Program Files\P4G\BatteryLife.exe

(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe

(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe

(ASUSTeK) C:\Windows\System32\ACEngSvr.exe

() C:\Program Files\ATK Hotkey\ATKOSD.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(ASUS) C:\Windows\System32\ASUSTPE.exe

() C:\Windows\ASScrPro.exe

(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

() C:\Program Files\ATK Hotkey\KBFiltr.exe

(Honest Technology) C:\Program Files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe

(Dropbox, Inc.) C:\Users\Gabi\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Facebook) C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4390912 2007-02-15] (Realtek Semiconductor)

HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)

HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-22] (Synaptics, Inc.)

HKLM\...\Run: [ASUSTPE] - C:\Windows\system32\ASUSTPE.exe [106496 2006-12-13] (ASUS)

HKLM\...\Run: [ASUS Camera ScreenSaver] - C:\Windows\ASScrProlog.exe [37232 2011-01-26] ()

HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2011-01-26] ()

HKLM\...\Run: [Zshutdown1] - c:\preload\patch\sysprep1.cmd [x]

HKLM\...\Run: [starter4g] - C:\Windows\starter4g.exe [157968 2009-06-17] (4G Systems GmbH & Co. KG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2012-10-28] (Sun Microsystems, Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKCU\...\Run: [Remote Control Editor] - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [Sony PC Companion] - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [x]

HKCU\...\Run: [Facebook Update] - C:\Users\Gabi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-15] (Facebook Inc.)

HKCU\...\Run: [DriverTurbo] - C:\Program Files\DriverTurbo\DriverTurbo.exe [x]

HKCU\...\RunOnce: [Application Restart #2] - C:\Program Files\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- hxxp://www.facebook.com/n/?dorothea.kerkhoff%2Fposts%2F171327733018616&from_close_friend=1&mid=7affe11G5af3b67ac70aGbfe0b6G79&bcode=1.1363542243.AbkPfNDEe0GkYEDQ&n_m=gabimathias%40arcor.de [846288 2013-07-25] (Google Inc.)

MountPoints2: G - G:\autorun.exe

MountPoints2: {43491e52-4678-11e0-948a-001d60d2c546} - I:\Startme.exe

MountPoints2: {5a2d03c0-2a44-11e0-865b-001d60d2c546} - F:\autorun.exe

MountPoints2: {c38b8f2f-4ffb-11e2-bfa6-001d60d2c546} - F:\install.bat

HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\honestech Audio Recorder 2.0 Deluxe Launcher.lnk

ShortcutTarget: honestech Audio Recorder 2.0 Deluxe Launcher.lnk -> C:\Program Files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Honest Technology)

Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Gabi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {63C02DDB-8C88-4ABF-A1B1-E8B44F6C6D26} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=

SearchScopes: HKCU - {D4F12365-5A89-4622-B3FD-E6EEFD4DD8AB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=53af0453-94c5-48f4-a7a1-74c2063da324&apn_sauid=DBB92CA6-1D1F-4335-9D82-BAAAD90E2FEC

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Facebook Desktop) - C:\Users\Gabi\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (YouTube) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0

CHR Extension: (LyricXeeker) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj\1.125_0

CHR Extension: (Amazon for Chrome) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0

CHR Extension: (Gmail) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()

R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)

S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)

R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()

R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2006-12-10] (Syntek America Inc.)

R2 WTGService; C:\Program Files\XSManager\WTGService.exe [304592 2009-06-22] ()

R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-03] (Avira Operations GmbH & Co. KG)

S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)

R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [18688 2006-12-28] ()

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )

S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [449408 2007-11-16] (DiBcom)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)

R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1324544 2007-01-19] (Syntek)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-17 11:03 - 2013-08-17 11:03 - 00666633 _____ D:\Users\Gabi\Desktop\adwcleaner.exe

2013-08-16 23:38 - 2013-08-16 23:38 - 00002725 _____ D:\Users\Gabi\Desktop\Gmer.txt

2013-08-16 23:03 - 2013-08-16 23:03 - 00023409 _____ D:\Users\Gabi\Desktop\Addition.txt

2013-08-16 22:50 - 2013-08-16 22:50 - 00000000 ____D C:\FRST

2013-08-16 22:48 - 2013-08-16 22:48 - 00000000 _____ C:\Users\Gabi\defogger_reenable

2013-08-16 22:46 - 2013-08-16 22:46 - 01069019 _____ (Farbar) D:\Users\Gabi\Desktop\FRST.exe

2013-08-16 22:46 - 2013-08-16 22:46 - 00377856 _____ D:\Users\Gabi\Desktop\gmer_2.1.19163.exe

2013-08-16 22:44 - 2013-08-16 22:44 - 00050477 _____ D:\Users\Gabi\Desktop\Defogger.exe

2013-08-16 22:30 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-16 22:30 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-16 22:30 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-16 22:30 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-16 22:30 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-16 22:30 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-16 22:30 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-16 22:30 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-16 22:30 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-16 22:30 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-16 22:30 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-16 22:30 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-16 22:30 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-16 22:30 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-16 22:30 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-16 22:30 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-06 20:56 - 2013-08-17 10:49 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Systweak

2013-08-06 20:56 - 2013-08-17 10:48 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-02 13:46 - 2013-08-06 23:21 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc

2013-08-02 13:45 - 2013-08-02 13:45 - 00000866 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-02 13:45 - 2013-08-02 13:45 - 00000000 ____D C:\Program Files\VideoLAN

2013-08-02 13:43 - 2013-08-02 13:43 - 22657136 _____ D:\Users\Gabi\Documents\VLC_player_Setup [1].exe

2013-08-02 13:43 - 2013-08-02 13:43 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2572.dll

2013-07-29 15:54 - 2013-07-29 15:54 - 00002080 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-07-29 15:48 - 2013-07-29 15:51 - 00000000 ____D C:\Windows\system32\MRT
 

==================== One Month Modified Files and Folders =======
 

2013-08-17 11:10 - 2012-06-05 21:57 - 00000000 ___RD C:\Users\Gabi\Dropbox

2013-08-17 11:10 - 2012-06-05 21:51 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Dropbox

2013-08-17 11:08 - 2011-01-27 21:32 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-17 11:08 - 2011-01-26 05:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe

2013-08-17 11:08 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-17 11:08 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-17 11:07 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-17 11:06 - 2011-01-26 04:48 - 01213096 _____ C:\Windows\WindowsUpdate.log

2013-08-17 11:06 - 2007-04-18 10:33 - 00000012 _____ C:\Windows\bthservsdp.dat

2013-08-17 11:06 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-17 11:05 - 2013-08-17 11:03 - 00020159 _____ C:\AdwCleaner[S1].txt

2013-08-17 11:03 - 2013-08-17 11:03 - 00666633 _____ D:\Users\Gabi\Desktop\adwcleaner.exe

2013-08-17 10:56 - 2011-01-26 05:29 - 00081426 _____ C:\Windows\PFRO.log

2013-08-17 10:54 - 2012-07-08 21:03 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000Core.job

2013-08-17 10:52 - 2011-01-27 21:32 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-17 10:49 - 2013-08-06 20:56 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\Systweak

2013-08-17 10:48 - 2013-08-06 20:56 - 00000000 ____D C:\Program Files\MyPC Backup

2013-08-17 10:47 - 2013-05-02 19:36 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\DriverTurbo

2013-08-17 10:42 - 2012-07-08 21:03 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2480746026-3097824191-831488896-1000UA.job

2013-08-17 10:42 - 2012-05-02 18:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-16 23:38 - 2013-08-16 23:38 - 00002725 _____ D:\Users\Gabi\Desktop\Gmer.txt

2013-08-16 23:03 - 2013-08-16 23:03 - 00023409 _____ D:\Users\Gabi\Desktop\Addition.txt

2013-08-16 22:50 - 2013-08-16 22:50 - 00000000 ____D C:\FRST

2013-08-16 22:48 - 2013-08-16 22:48 - 00000000 _____ C:\Users\Gabi\defogger_reenable

2013-08-16 22:48 - 2011-01-25 21:37 - 00000000 ____D C:\Users\Gabi

2013-08-16 22:46 - 2013-08-16 22:46 - 01069019 _____ (Farbar) D:\Users\Gabi\Desktop\FRST.exe

2013-08-16 22:46 - 2013-08-16 22:46 - 00377856 _____ D:\Users\Gabi\Desktop\gmer_2.1.19163.exe

2013-08-16 22:44 - 2013-08-16 22:44 - 00050477 _____ D:\Users\Gabi\Desktop\Defogger.exe

2013-08-16 22:25 - 2006-11-02 14:52 - 00065695 _____ C:\Windows\setupact.log

2013-08-06 23:21 - 2013-08-02 13:46 - 00000000 ____D C:\Users\Gabi\AppData\Roaming\vlc

2013-08-02 13:55 - 2011-01-25 22:47 - 00159744 _____ C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-02 13:45 - 2013-08-02 13:45 - 00000866 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-02 13:45 - 2013-08-02 13:45 - 00000000 ____D C:\Program Files\VideoLAN

2013-08-02 13:43 - 2013-08-02 13:43 - 22657136 _____ D:\Users\Gabi\Documents\VLC_player_Setup [1].exe

2013-08-02 13:43 - 2013-08-02 13:43 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2572.dll

2013-08-02 13:43 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public

2013-07-29 19:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-07-29 18:52 - 2006-11-02 12:33 - 01445116 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-29 15:54 - 2013-07-29 15:54 - 00002080 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-07-29 15:54 - 2011-01-27 21:32 - 00000000 ____D C:\Program Files\Google

2013-07-29 15:51 - 2013-07-29 15:48 - 00000000 ____D C:\Windows\system32\MRT

2013-07-25 04:40 - 2013-08-16 22:30 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-25 04:32 - 2013-08-16 22:30 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-25 04:30 - 2013-08-16 22:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-25 04:26 - 2013-08-16 22:30 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-25 04:26 - 2013-08-16 22:30 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-25 04:25 - 2013-08-16 22:30 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-25 04:24 - 2013-08-16 22:30 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-25 04:24 - 2013-08-16 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-25 04:23 - 2013-08-16 22:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-25 04:23 - 2013-08-16 22:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-25 04:23 - 2013-08-16 22:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-25 04:23 - 2013-08-16 22:30 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-25 04:23 - 2013-08-16 22:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-25 04:22 - 2013-08-16 22:30 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-25 04:22 - 2013-08-16 22:30 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-25 04:22 - 2013-08-16 22:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-19 21:00 - 2006-11-02 14:47 - 00374088 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-19 20:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer

2013-07-19 20:14 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-17 11:13
 

==================== End Of Log ============================

--- --- ---