Trojaner-Board - Monstermarketplace.com - Grüne Wörter mit Verlinkungen Monstermarketplace.com

Hier die Combofix LOG-Datei

Code:

ComboFix 13-08-27.02 - Joachim Groß 27.08.2013  20:16:54.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2160 [GMT 2:00]

ausgeführt von:: c:\users\Joachim Gro¯\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\packardbell.ico

c:\program files (x86)\EasyLife

c:\program files (x86)\EasyLife\sprotector.dll

c:\program files (x86)\EasyLife\uninstall.exe

c:\program files (x86)\LyricsPal

c:\program files (x86)\LyricsPal\00.crx

c:\program files (x86)\LyricsPal\00.xpi

c:\program files (x86)\LyricsPal\01.crx

c:\program files (x86)\LyricsPal\01.xpi

c:\program files (x86)\LyricsPal\02.crx

c:\program files (x86)\LyricsPal\02.xpi

c:\program files (x86)\LyricsPal\130.crx

c:\program files (x86)\LyricsPal\130.dat

c:\program files (x86)\LyricsPal\130.dll

c:\program files (x86)\LyricsPal\130.xpi

c:\program files (x86)\LyricsPal\chrome.manifest

c:\program files (x86)\LyricsPal\crx.dat

c:\program files (x86)\LyricsPal\crx.db

c:\program files (x86)\LyricsPal\Lyrics.exe

c:\program files (x86)\LyricsPal\sqlite3.dll

c:\program files (x86)\LyricsPal\Uninstall.exe

c:\program files (x86)\LyricsPal\xpi.dat

c:\program files (x86)\LyricsPal\xpi.db

c:\programdata\BetterSoft\OptimizerPro

c:\programdata\BetterSoft\OptimizerPro\3036567561.ini

c:\users\Joachim Groß\AppData\Roaming\.#

c:\users\Joachim Groß\AppData\Roaming\.#\MBX@41C@312790.###

c:\users\Joachim Groß\AppData\Roaming\.#\MBX@41C@3127C0.###

c:\users\Joachim Groß\Documents\ZDS07562.TMP

c:\windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe

c:\windows\security\Database\tmp.edb

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-27 bis 2013-08-27  ))))))))))))))))))))))))))))))

.

.

2013-08-27 18:27 . 2013-08-27 18:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-08-26 22:36 . 2013-08-26 22:36        --------        d-----w-        C:\FRST

2013-08-26 19:50 . 2013-08-26 19:50        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2013-08-13 22:15 . 2013-08-13 22:17        --------        d-----w-        c:\windows\system32\MRT

2013-08-13 21:02 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll

2013-08-08 18:21 . 2010-03-31 12:42        443792        ----a-w-        c:\windows\SysWow64\CT32_DLL.BAK

2013-08-08 18:05 . 2013-08-08 18:06        --------        d-----w-        c:\users\Joachim Groß\.openecard

2013-08-08 16:41 . 2013-08-08 16:57        --------        d-----w-        c:\users\Joachim Groß\.ausweisapp

2013-08-08 16:34 . 2013-08-08 16:34        116864        ----a-w-        c:\windows\system32\drivers\KOBCCID.sys

2013-08-08 16:33 . 2013-08-08 18:21        --------        d-----w-        c:\program files (x86)\KOBIL Systems

2013-08-08 16:33 . 2010-03-31 12:42        443792        ----a-w-        c:\windows\SysWow64\CT32.dll

2013-08-08 16:33 . 2010-05-03 19:06        1717664        ----a-w-        c:\windows\SysWow64\CTAPI_Control.cpl

2013-08-08 16:33 . 2010-03-31 12:40        476576        ----a-w-        c:\windows\SysWow64\CTAPIUtilities.dll

2013-07-29 19:04 . 2013-03-14 20:17        21600        ----a-w-        c:\windows\system32\drivers\amdkmafd.sys

2013-07-29 19:03 . 2013-03-27 17:40        455888        ----a-w-        c:\windows\system32\drivers\k57nd60a.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-21 18:36 . 2012-09-04 18:00        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 18:36 . 2012-09-04 18:00        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-13 22:15 . 2012-09-05 10:14        78161360        ----a-w-        c:\windows\system32\MRT.exe

2013-07-27 08:57 . 2012-09-21 12:38        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-07-27 08:57 . 2012-09-21 12:37        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-07-09 04:45 . 2013-08-13 21:02        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2013-07-08 20:04 . 2013-07-08 20:05        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-08 20:04 . 2012-09-10 12:13        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-07-08 20:04 . 2012-09-10 12:13        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-07-01 17:08 . 2013-05-06 11:39        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-06-05 03:34 . 2013-07-10 18:29        3153920        ----a-w-        c:\windows\system32\win32k.sys

2013-06-04 07:15 . 2013-06-04 07:15        103448        ----a-w-        c:\windows\system32\drivers\ssudbus.sys

2013-06-04 07:15 . 2013-06-04 07:15        203672        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys

2013-06-04 06:00 . 2013-07-10 18:29        624128        ----a-w-        c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 18:29        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:58        297808        ----a-w-        c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-08-24 21:41        433648        ----a-w-        c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SAFE2009_Safe"="p:\program files (x86)\Steganos Safe 11\Safe.exe" [2010-12-20 1433696]

"KiesPDLR"="p:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-23 1106288]

"KiesPreload"="p:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]

"KiesAirMessage"="p:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]

"DriverMax"="p:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2013-07-15 7162744]

"DriverMax_RESTART"="p:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2013-07-15 7162744]

"Shotty"="p:\program files\Shotty\Shotty.exe" [2013-08-15 724480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]

"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]

"RSA Card Conversion Utility"="c:\program files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe" [2010-08-27 3499728]

"Acrobat Assistant 8.0"="p:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]

"KiesTrayAgent"="p:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]

"avgnt"="p:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

.

c:\users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

FAXRX.lnk - c:\program files (x86)\Brother\Brmfl08z\FAXRX.exe -Net "MFC-6890CDW LAN" [2012-9-4 524288]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DSL-Manager.lnk - p:\program files (x86)\DSL-Manager\DslMgr.exe [2010-5-5 1085440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"BrMfcWnd"=c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3"=c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

"GrooveMonitor"="p:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"SAFE2009 HotKeys"="p:\program files (x86)\Steganos Safe 11\SteganosHotKeyService.exe"

"SAFE2009 File Redirection Starter"="p:\program files (x86)\Steganos Safe 11\fredirstarter.exe"

"KiesTrayAgent"=p:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe

"Adobe Acrobat Speed Launcher"="p:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="p:\program files (x86)\iTunes\iTunesHelper.exe"

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"EaseUS EPM tray"=p:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe

"TrueImageMonitor.exe"=p:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k                                                                                                                                                                           

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

"AcronisTimounterMonitor"=p:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

.

R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;p:\program files (x86)\Skype\Updater\Updater.exe;p:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TDslMgrService;DSL-Manager;p:\program files (x86)\DSL-Manager\DslMgrSvc.exe;p:\program files (x86)\DSL-Manager\DslMgrSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R4 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]

R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]

R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]

R4 WinRiskXAAppService;InterRisk WinRisk Anwendungsdienst;p:\program files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe;p:\program files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [x]

R4 WinRiskXAServiceHandler;InterRisk WinRisk Dienststeuerung;p:\program files (x86)\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe;p:\program files (x86)\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe [x]

R4 WinRiskXASoftwareUpdate;InterRisk WinRisk Softwareaktualisierung;p:\program files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe;p:\program files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys;c:\windows\SYSNATIVE\DRIVERS\dslmnlwf.sys [x]

S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys;c:\windows\Sleen1764.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;p:\program files (x86)\Avira\AntiVir Desktop\sched.exe;p:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]

S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]

S2 NbgAutoUpdater;NÜRNBERGER AutoUpdater;p:\program files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe;p:\program files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;p:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;p:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;p:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;p:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys;c:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 18:36]

.

2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 17:54]

.

2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 17:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-08-24 21:41        750064        ----a-w-        c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-06 828960]

"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]

"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b10c90ad-bfd3-4a3c-a388-650cf8130566&searchtype=hp&installDate={installDate}

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.easylifeapp.com/?pid=356&src=ie1&r=2013/03/17&hid=465647422&lg=EN&cc=DE

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=b10c90ad-bfd3-4a3c-a388-650cf8130566&searchtype=ds&q={searchTerms}&installDate={installDate}

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xel exportieren - p:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - 

FF - ExtSQL: 2013-08-26 19:05; {be3f2680-f8c4-43d8-ac73-87231c1666dc}; c:\program files (x86)\LyricsPal\130.xpi

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: extensions.autoDisableScopes - 0

FF - user.js: extensions.shownSelectionUI - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{e0ebc96b-04ef-47be-a73a-5c11c6de7331} - c:\program files (x86)\LyricsPal\130.dll

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER AutoUpdater.lnk - c:\windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe

HKLM_Wow6432Node-ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe

AddRemove-{55717f25-41a2-400a-89df-6e256412f7e0} - c:\program files (x86)\LyricsPal\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-08-27  20:31:12

ComboFix-quarantined-files.txt  2013-08-27 18:31

.

Vor Suchlauf: 14 Verzeichnis(se), 120.455.135.232 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 119.984.873.472 Bytes frei

.

- - End Of File - - 07E1FD44F8F376B6D33968341A3D37DE

A36C5E4F47E84449FF07ED3517B43A31

Mache jetzt mit Schritt 2 weiter.

Und hier die LOG-Datei von adwcleaner:

Code:



        Code:


        
# AdwCleaner v3.001 - Report created 27/08/2013 at 20:36:18

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Joachim Groß - JOACHIMGROß-PC

# Running from : C:\Users\Joachim Groß\Desktop\adwcleaner.exe

# Option : Clean
 

***** [ Services ] *****
 

[#] Service Deleted : Partner Service
 

***** [ Files / Folders ] *****
 

Folder Deleted : C:\ProgramData\BetterSoft

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\ProgramData\simplitec

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\Program Files (x86)\optimizer pro

Folder Deleted : C:\Users\Joachim Groß\AppData\Local\Wajam

Folder Deleted : C:\Users\Joachim Groß\AppData\Roaming\simplitec

Folder Deleted : C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Conduit

Folder Deleted : C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\ConduitCommon

Folder Deleted : C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\software@loadtubes.com

File Deleted : C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\user.js
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState

Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho

Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_d33a5824

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avery-designpro_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avery-designpro_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_t-dsl-speed-manager_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_t-dsl-speed-manager_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v0.0.0.0
 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 

-\\ Mozilla Firefox v23.0.1 (de)
 

[ File : C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\prefs.js ]
 

Line Deleted : user_pref("CT2438727..clientLogIsEnabled", false);

Line Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Line Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Line Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Line Deleted : user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);

Line Deleted : user_pref("CT2438727.CT2438727", "CT2438727");

Line Deleted : user_pref("CT2438727.CurrentServerDate", "18-4-2013");

Line Deleted : user_pref("CT2438727.DSInstall", false);

Line Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Wed Apr 17 2013 19:39:08 GMT+0200");

Line Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT2438727.FirstServerDate", "18-3-2013");

Line Deleted : user_pref("CT2438727.FirstTime", true);

Line Deleted : user_pref("CT2438727.FirstTimeFF3", true);

Line Deleted : user_pref("CT2438727.FirstTimeHiddenVer", true);

Line Deleted : user_pref("CT2438727.FixPageNotFoundErrors", true);

Line Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Line Deleted : user_pref("CT2438727.HPInstall", false);

Line Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);

Line Deleted : user_pref("CT2438727.HomePageProtectorEnabled", false);

Line Deleted : user_pref("CT2438727.HomepageBeforeUnload", "hxxp://www.google.de/");

Line Deleted : user_pref("CT2438727.Initialize", true);

Line Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);

Line Deleted : user_pref("CT2438727.InstallationType", "Unknown");

Line Deleted : user_pref("CT2438727.InstalledDate", "Mon Mar 18 2013 16:10:31 GMT+0100");

Line Deleted : user_pref("CT2438727.IsAlertDBUpdated", true);

Line Deleted : user_pref("CT2438727.IsGrouping", false);

Line Deleted : user_pref("CT2438727.IsInitSetupIni", true);

Line Deleted : user_pref("CT2438727.IsMulticommunity", false);

Line Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);

Line Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);

Line Deleted : user_pref("CT2438727.IsProtectorsInit", true);

Line Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Apr 18 2013 12:08:42 GMT+0200");

Line Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Line Deleted : user_pref("CT2438727.LastLogin_3.18.0.7", "Thu Apr 18 2013 12:08:42 GMT+0200");

Line Deleted : user_pref("CT2438727.LatestVersion", "3.18.0.7");

Line Deleted : user_pref("CT2438727.Locale", "en");

Line Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Line Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", false);

Line Deleted : user_pref("CT2438727.OriginalFirstVersion", "3.18.0.7");

Line Deleted : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");

Line Deleted : user_pref("CT2438727.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Line Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");

Line Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Apr 18 2013 12:08:38 GMT+0200");

Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");

Line Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);

Line Deleted : user_pref("CT2438727.SearchProtectorEnabled", false);

Line Deleted : user_pref("CT2438727.SearchProtectorToolbarDisabled", false);

Line Deleted : user_pref("CT2438727.SendProtectorDataViaLogin", true);

Line Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Apr 18 2013 12:08:40 GMT+0200");

Line Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Thu Apr 18 2013 12:08:37 GMT+0200");

Line Deleted : user_pref("CT2438727.SettingsLastUpdate", "1366272643");

Line Deleted : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");

Line Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Tue Apr 09 2013 19:21:15 GMT+0200");

Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1331805997");

Line Deleted : user_pref("CT2438727.ToolbarShrinkedFromSetup", false);

Line Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");

Line Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]

Line Deleted : user_pref("CT2438727.UserID", "UN00806567641585542");

Line Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);

Line Deleted : user_pref("CT2438727.alertChannelId", "832836");

Line Deleted : user_pref("CT2438727.backendstorage.facebook_mode", "32");

Line Deleted : user_pref("CT2438727.backendstorage.facebook_user_locale", "6465");

Line Deleted : user_pref("CT2438727.components.1000515", true);

Line Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]

Line Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Thu Apr 18 2013 12:08:42 GMT+0200");

Line Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);

Line Deleted : user_pref("CT2438727.initDone", true);

Line Deleted : user_pref("CT2438727.isAppTrackingManagerOn", false);

Line Deleted : user_pref("CT2438727.myStuffEnabled", true);

Line Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Line Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Line Deleted : user_pref("CT2438727.navigateToUrlOnSearch", false);

Line Deleted : user_pref("CT2438727.revertSettingsEnabled", true);

Line Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);

Line Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);

Line Deleted : user_pref("CT2438727.testingCtid", "");

Line Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Apr 18 2013 12:08:42 GMT+0200");

Line Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Mon Apr 15 2013 22:38:27 GMT+0200");

Line Deleted : user_pref("CT2438727.usagesFlag", 2);

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"987f1767846cdf4d60cd9e74e433d9be3\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/DE", "\"0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "G9mW7heT/8xIX1frcduu0A==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "mfQ70fvlD2zuBxSBj8rQqA==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "UgzXjW7BIkfdx+x39Ruv3w==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "4BgM4MhF/sOgPsDNmIs3Yw==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"2cf4f33c40cf096b2e9e9778267eb346\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"afda199882cb0a9af5ebca57343c5048\"");

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21691c1dc0146969b1180084eca8a6a1\"");

Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Joachim Gro?\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\of8ze4aq.default\\conduitCommon\\modules\\3.18.0.7");

Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");

Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727");

Line Deleted : user_pref("CommunityToolbar.globalUserId", "e7a438fc-6666-4d64-8fae-9a97e6d27775");

Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Apr 16 2013 21:33:43 GMT+0200");

Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 18 2013 16:10:36 GMT+0100");

Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Apr 18 2013 12:08:41 GMT+0200");

Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Line Deleted : user_pref("CommunityToolbar.notifications.userId", "af2369f3-9357-48b7-bd08-40174bc51cf9");

Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/");

Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 

*************************
 

AdwCleaner[R0].txt - [23013 octets] - [27/08/2013 20:35:35]

AdwCleaner[S0].txt - [22248 octets] - [27/08/2013 20:36:18]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22309 octets] ##########

Und hier der JRT-LOG:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 7 Home Premium x64

Ran by Joachim Groá on 27.08.2013 at 20:47:07,89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Lyrics_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Lyrics_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Lyrics_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Lyrics_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0ebc96b-04ef-47be-a73a-5c11c6de7331}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e0ebc96b-04ef-47be-a73a-5c11c6de7331}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 27.08.2013 at 20:53:44,46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und hie die letzte LOG-Datei:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.27.07
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Joachim Groß :: JOACHIMGROß-PC [Administrator]
 

27.08.2013 21:00:15

mbam-log-2013-08-27 (21-00-15).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 224373

Laufzeit: 6 Minute(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Joachim Groß\Downloads\BallparkWeiner_downloader_by_Ffonts.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Joachim Groß\Downloads\MuenchnerFraktur_downloader_by_SchriftartenFontsde.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Joachim Groß\Downloads\SoftonicDownloader_fuer_t-dsl-speed-manager.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

So. Jetzt bin ich mal gespannt.
Hab ja gesehen, dass einiges gelöscht wurde.
Easy Life hatte ich schon länger drauf und dachte eigentlich, dass ich es entfernt hatte. Zumindest startete der Browser nicht mehr mit der Suchmaschine.
KLassischer Fall von Denkste!

FRST-LOG:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013

Ran by Joachim Groß (administrator) on 28-08-2013 21:53:30

Running from C:\Users\Joachim Groß\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(Avira Operations GmbH & Co. KG) P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

(NÜRNBERGER Versicherungsgruppe) P:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

(Avira Operations GmbH & Co. KG) P:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(TuneUp Software) P:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Windows\snuvcdsm.exe

(Steganos GmbH) P:\Program Files (x86)\Steganos Safe 11\Safe.exe

(Samsung) P:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(Samsung) P:\Program Files (x86)\Samsung\Kies\Kies.exe

(TuneUp Software) P:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

(Innovative Solutions) P:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe

(hxxp://shotty.devs-on.net) P:\Program Files\Shotty\Shotty.exe

(Brother Industries Ltd.) C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Suyin) C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

(RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe

(Adobe Systems Inc.) P:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Samsung Electronics Co., Ltd.) P:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Avira Operations GmbH & Co. KG) P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) P:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

(Mozilla Corporation) P:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-06] (Acer Incorporated)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)

HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [99712 2010-02-12] (Sonix Technology Co., Ltd.)

HKLM\...\Run: [SNUVCDSM] - C:\Windows\snuvcdsm.exe [30080 2010-02-12] ()

HKCU\...\Run: [SAFE2009_Safe] - P:\Program Files (x86)\Steganos Safe 11\Safe.exe [1433696 2010-12-20] (Steganos GmbH)

HKCU\...\Run: [KiesPDLR] - P:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)

HKCU\...\Run: [KiesPreload] - P:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)

HKCU\...\Run: [KiesAirMessage] - P:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)

HKCU\...\Run: [DriverMax] - P:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [7162744 2013-07-15] (Innovative Solutions)

HKCU\...\Run: [DriverMax_RESTART] - P:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [7162744 2013-07-15] (Innovative Solutions)

HKCU\...\Run: [Shotty] - P:\Program Files\Shotty\Shotty.exe [724480 2013-08-15] (hxxp://shotty.devs-on.net)

HKCU\...\Run: [] - P:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)

HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1507448 2009-07-28] (Suyin)

HKLM-x32\...\Run: [RSA Card Conversion Utility] - C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe [3499728 2010-08-27] (RSA, The Security Division of EMC.)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - P:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] - P:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [avgnt] - P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162336 2009-07-22] ()

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> P:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

ShortcutTarget: DSL-Manager.lnk -> P:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

Startup: C:\Users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk

ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe (Brother Industries Ltd.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj71&r=27360912y715l0314z1l5f4832t24o

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - P:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - P:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - P:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.google.de/

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - P:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - P:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - P:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - P:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat - P:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Onlinestarter - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\webmaster@biss-net.com

FF Extension: Flagfox - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

FF Extension: WOT - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF Extension: DownloadHelper - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: amznUWL2 - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\amznUWL2@amazon.com.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\sfStatistics.xml

FF Extension: testpilot - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\testpilot@labs.mozilla.com.xpi

FF Extension: toolbar - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\toolbar@gmx.net.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\Joachim Groß\AppData\Roaming\Mozilla\Firefox\Profiles\of8ze4aq.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF HKCU\...\Firefox\Extensions: [{be3f2680-f8c4-43d8-ac73-87231c1666dc}] C:\Program Files (x86)\LyricsPal\130.xpi

FF StartMenuInternet: FIREFOX.EXE - P:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-06] (Acer Incorporated)

S4 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)

R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 Microsoft Office Groove Audit Service; P:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)

R2 NbgAutoUpdater; P:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [21072 2013-04-25] (NÜRNBERGER Versicherungsgruppe)

S4 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)

S2 SkypeUpdate; P:\Program Files (x86)\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)

S3 TDslMgrService; P:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH)

R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()

R2 TuneUp.UtilitiesSvc; P:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)

R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)

S4 WinRiskXAAppService; P:\Program Files (x86)\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [101888 2012-09-12] ()

S4 WinRiskXAServiceHandler; P:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe [90112 2012-04-18] ()

S4 WinRiskXASoftwareUpdate; P:\Program Files (x86)\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [24576 2012-04-18] (BISS GmbH)
 

==================== Drivers (Whitelisted) ====================
 

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)

R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()

S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2013-08-08] (KOBIL Systems GmbH)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()

R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )

R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2010-02-12] ()

R3 TuneUpUtilitiesDrv; P:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-28] (TuneUp Software)

R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-17] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-28 20:34 - 2013-08-28 20:34 - 00000433 _____ C:\Users\Joachim Groß\Desktop\Privat.lnk

2013-08-27 20:57 - 2013-08-27 20:57 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-27 20:57 - 2013-08-27 20:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-27 20:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-27 20:56 - 2013-08-27 20:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joachim Groß\Desktop\mbam-setup-1.75.0.1300.exe

2013-08-27 20:53 - 2013-08-27 20:53 - 00001630 _____ C:\Users\Joachim Groß\Desktop\JRT.txt

2013-08-27 20:47 - 2013-08-27 20:47 - 00000000 ____D C:\Windows\ERUNT

2013-08-27 20:46 - 2013-08-27 20:46 - 01021434 _____ (Thisisu) C:\Users\Joachim Groß\Desktop\JRT.exe

2013-08-27 20:35 - 2013-08-27 20:36 - 00000000 ____D C:\AdwCleaner

2013-08-27 20:34 - 2013-08-27 20:34 - 00994642 _____ C:\Users\Joachim Groß\Desktop\adwcleaner.exe

2013-08-27 20:31 - 2013-08-27 20:31 - 00025835 _____ C:\ComboFix.txt

2013-08-27 20:13 - 2013-08-27 20:31 - 00000000 ____D C:\Qoobox

2013-08-27 20:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-27 20:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-27 20:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-27 20:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-27 20:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-27 20:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-27 20:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-27 20:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-27 20:12 - 2013-08-27 20:29 - 00000000 ____D C:\Windows\erdnt

2013-08-27 20:10 - 2013-08-27 20:10 - 05114158 ____R (Swearware) C:\Users\Joachim Groß\Desktop\ComboFix.exe

2013-08-27 00:37 - 2013-08-27 00:37 - 00022281 _____ C:\Users\Joachim Groß\Desktop\Addition.txt

2013-08-27 00:36 - 2013-08-27 00:36 - 00000000 ____D C:\FRST

2013-08-26 21:50 - 2013-08-26 21:50 - 00000831 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-08-26 21:50 - 2013-08-26 21:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-26 21:47 - 2013-08-26 21:47 - 00173696 _____ C:\Users\JOACHI~1\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-26 21:45 - 2013-08-28 20:30 - 00002910 _____ C:\Windows\PFRO.log

2013-08-26 21:45 - 2013-08-28 20:30 - 00000280 _____ C:\Windows\setupact.log

2013-08-26 21:45 - 2013-08-26 21:45 - 00559392 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 _____ C:\Windows\setuperr.log

2013-08-23 21:15 - 2013-08-23 21:15 - 02256152 _____ (Microsoft Corporation) C:\Users\Joachim Groß\Downloads\WcPlugin(1).exe

2013-08-21 19:54 - 2013-08-21 20:04 - 136637283 _____ C:\Users\Joachim Groß\Downloads\S6102XXMC1_S6102XENLC1_XEN(1).zip

2013-08-20 20:25 - 2013-08-20 20:49 - 00020480 _____ C:\Users\Joachim Groß\Desktop\AML-Liste.xls

2013-08-15 16:02 - 2013-08-15 16:02 - 00067782 _____ C:\Users\Joachim Groß\Downloads\meyne-textur.zip

2013-08-15 15:16 - 2013-08-15 15:16 - 02321613 _____ (xiles                                                       ) C:\Users\Joachim Groß\Downloads\NexusFontSetup2.5.8.exe

2013-08-15 09:52 - 2013-08-15 09:52 - 00001012 _____ C:\Users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Shotty.lnk

2013-08-15 09:51 - 2013-08-15 09:51 - 00000000 ____D C:\Users\Joachim Groß\Downloads\Shotty_-_2.0.2

2013-08-14 00:15 - 2013-08-14 00:17 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 00:12 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 00:12 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 00:12 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 00:12 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 00:12 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 00:12 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-08-14 00:12 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-08-14 00:12 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 00:12 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 00:12 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 00:12 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 00:12 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-08-14 00:12 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-08-14 00:12 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 00:12 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-08-14 00:12 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 00:12 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 00:12 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 00:12 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 00:12 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 00:12 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 00:12 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-08-14 00:12 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-08-14 00:12 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 00:12 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 00:12 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 00:12 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 00:12 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-08-14 00:12 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-08-14 00:12 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 00:12 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 00:12 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-08-13 23:02 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-13 23:02 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-13 23:02 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-13 23:02 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-13 23:02 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-13 23:02 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-13 23:02 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-13 23:02 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-13 23:02 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-13 23:02 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-13 23:02 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-13 23:02 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-13 23:02 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-13 23:02 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-13 23:02 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-13 23:02 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-13 23:02 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-13 23:02 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-13 23:02 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-13 23:02 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-13 23:02 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-13 23:02 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-13 23:02 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-13 23:02 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-13 23:02 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-13 23:02 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-13 23:02 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-12 21:32 - 2013-08-12 21:32 - 00000000 ____D C:\Users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast

2013-08-12 21:31 - 2013-08-12 21:31 - 00000000 ____D C:\Users\Joachim Groß\Downloads\SopCast

2013-08-08 20:47 - 2013-08-08 20:47 - 00000327 _____ C:\Users\Joachim Groß\Downloads\smartcard_w7hp_x64.zip

2013-08-08 20:21 - 2010-03-31 14:42 - 00443792 _____ (KOBIL Systems GmbH) C:\Windows\SysWOW64\CT32_DLL.BAK

2013-08-08 20:19 - 2013-08-08 20:20 - 26740992 _____ C:\Users\Joachim Groß\Downloads\KOBILTreiberSetup_x64x86_v2.3.03111(1).exe

2013-08-08 20:07 - 2013-08-08 20:07 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Joachim Groß\Downloads\Shockwave_Installer_Slim(2).exe

2013-08-08 20:05 - 2013-08-08 20:06 - 00000000 ____D C:\Users\Joachim Groß\.openecard

2013-08-08 19:44 - 2013-08-08 19:44 - 00000001 _____ C:\Users\Joachim Groß\.SIG_PINSTATUS_VOREINSTELLUNG

2013-08-08 19:44 - 2013-08-08 19:44 - 00000001 _____ C:\Users\Joachim Groß\.SIG_DIALOG_VOREINSTELLUNG

2013-08-08 18:41 - 2013-08-08 18:57 - 00000000 ____D C:\Users\Joachim Groß\.ausweisapp

2013-08-08 18:34 - 2013-08-08 18:34 - 00116864 _____ (KOBIL Systems GmbH) C:\Windows\system32\Drivers\KOBCCID.sys

2013-08-08 18:33 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files (x86)\KOBIL Systems

2013-08-08 18:33 - 2010-05-03 21:06 - 01717664 _____ (KOBIL Systems) C:\Windows\SysWOW64\CTAPI_Control.cpl

2013-08-08 18:33 - 2010-03-31 14:42 - 00443792 _____ (KOBIL Systems GmbH) C:\Windows\SysWOW64\CT32.dll

2013-08-08 18:33 - 2010-03-31 14:40 - 00476576 _____ (KOBIL Systems) C:\Windows\SysWOW64\CTAPIUtilities.dll

2013-08-08 18:33 - 2002-11-25 13:36 - 00384187 _____ C:\Windows\SysWOW64\CTAPI CONTROL.HLP

2013-07-29 21:04 - 2013-03-14 22:17 - 00021600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys

2013-07-29 21:03 - 2013-03-27 19:40 - 00455888 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys
 

==================== One Month Modified Files and Folders =======
 

2013-08-28 21:52 - 2013-08-28 21:52 - 01579080 _____ (Farbar) C:\Users\Joachim Groß\Desktop\FRST64.exe

2013-08-28 21:36 - 2012-09-04 20:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-28 20:38 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-28 20:38 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-28 20:35 - 2012-09-04 18:10 - 01201317 _____ C:\Windows\WindowsUpdate.log

2013-08-28 20:34 - 2013-08-28 20:34 - 00000433 _____ C:\Users\Joachim Groß\Desktop\Privat.lnk

2013-08-28 20:30 - 2013-08-26 21:45 - 00002910 _____ C:\Windows\PFRO.log

2013-08-28 20:30 - 2013-08-26 21:45 - 00000280 _____ C:\Windows\setupact.log

2013-08-28 20:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-27 20:57 - 2013-08-27 20:57 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-27 20:57 - 2013-08-27 20:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-27 20:56 - 2013-08-27 20:56 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joachim Groß\Desktop\mbam-setup-1.75.0.1300.exe

2013-08-27 20:53 - 2013-08-27 20:53 - 00001630 _____ C:\Users\Joachim Groß\Desktop\JRT.txt

2013-08-27 20:47 - 2013-08-27 20:47 - 00000000 ____D C:\Windows\ERUNT

2013-08-27 20:46 - 2013-08-27 20:46 - 01021434 _____ (Thisisu) C:\Users\Joachim Groß\Desktop\JRT.exe

2013-08-27 20:36 - 2013-08-27 20:35 - 00000000 ____D C:\AdwCleaner

2013-08-27 20:34 - 2013-08-27 20:34 - 00994642 _____ C:\Users\Joachim Groß\Desktop\adwcleaner.exe

2013-08-27 20:31 - 2013-08-27 20:31 - 00025835 _____ C:\ComboFix.txt

2013-08-27 20:31 - 2013-08-27 20:13 - 00000000 ____D C:\Qoobox

2013-08-27 20:29 - 2013-08-27 20:12 - 00000000 ____D C:\Windows\erdnt

2013-08-27 20:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-27 20:10 - 2013-08-27 20:10 - 05114158 ____R (Swearware) C:\Users\Joachim Groß\Desktop\ComboFix.exe

2013-08-27 00:37 - 2013-08-27 00:37 - 00022281 _____ C:\Users\Joachim Groß\Desktop\Addition.txt

2013-08-27 00:36 - 2013-08-27 00:36 - 00000000 ____D C:\FRST

2013-08-26 22:17 - 2012-09-05 03:57 - 00700418 _____ C:\Windows\system32\perfh007.dat

2013-08-26 22:17 - 2012-09-05 03:57 - 00149182 _____ C:\Windows\system32\perfc007.dat

2013-08-26 22:17 - 2009-07-14 07:13 - 01621244 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-26 21:50 - 2013-08-26 21:50 - 00000831 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-08-26 21:50 - 2013-08-26 21:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-26 21:47 - 2013-08-26 21:47 - 00173696 _____ C:\Users\JOACHI~1\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-26 21:45 - 2013-08-26 21:45 - 00559392 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 _____ C:\Windows\setuperr.log

2013-08-26 21:44 - 2009-08-25 00:10 - 00000000 ____D C:\Windows\Panther

2013-08-24 09:53 - 2013-05-16 07:37 - 00000000 ____D C:\Users\Joachim Groß\Desktop\Neufahrn-zu erledigen

2013-08-23 21:15 - 2013-08-23 21:15 - 02256152 _____ (Microsoft Corporation) C:\Users\Joachim Groß\Downloads\WcPlugin(1).exe

2013-08-21 20:36 - 2012-09-04 20:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-08-21 20:36 - 2012-09-04 20:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-08-21 20:36 - 2012-09-04 20:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-08-21 20:04 - 2013-08-21 19:54 - 136637283 _____ C:\Users\Joachim Groß\Downloads\S6102XXMC1_S6102XENLC1_XEN(1).zip

2013-08-20 20:49 - 2013-08-20 20:25 - 00020480 _____ C:\Users\Joachim Groß\Desktop\AML-Liste.xls

2013-08-17 11:30 - 2012-09-24 17:17 - 00000000 ____D C:\Users\JOACHI~1\AppData\Local\Apple Computer

2013-08-15 21:38 - 2012-09-04 15:03 - 00000000 ____D C:\Users\Joachim Groß\Desktop\Anwendungen

2013-08-15 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-15 16:02 - 2013-08-15 16:02 - 00067782 _____ C:\Users\Joachim Groß\Downloads\meyne-textur.zip

2013-08-15 15:16 - 2013-08-15 15:16 - 02321613 _____ (xiles                                                       ) C:\Users\Joachim Groß\Downloads\NexusFontSetup2.5.8.exe

2013-08-15 15:13 - 2012-09-04 18:23 - 00000000 ____D C:\Users\Joachim Groß

2013-08-15 09:52 - 2013-08-15 09:52 - 00001012 _____ C:\Users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Shotty.lnk

2013-08-15 09:51 - 2013-08-15 09:51 - 00000000 ____D C:\Users\Joachim Groß\Downloads\Shotty_-_2.0.2

2013-08-14 00:26 - 2009-08-24 23:28 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-14 00:17 - 2013-08-14 00:15 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 00:15 - 2012-09-05 12:14 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-13 22:09 - 2012-11-20 17:29 - 00000000 ____D C:\Users\Joachim Groß\Desktop\ARUNA-Postfach

2013-08-12 21:32 - 2013-08-12 21:32 - 00000000 ____D C:\Users\Joachim Groß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast

2013-08-12 21:31 - 2013-08-12 21:31 - 00000000 ____D C:\Users\Joachim Groß\Downloads\SopCast

2013-08-11 23:39 - 2012-09-07 14:30 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2013-08-08 20:47 - 2013-08-08 20:47 - 00000327 _____ C:\Users\Joachim Groß\Downloads\smartcard_w7hp_x64.zip

2013-08-08 20:21 - 2013-08-08 18:33 - 00000000 ____D C:\Program Files (x86)\KOBIL Systems

2013-08-08 20:20 - 2013-08-08 20:19 - 26740992 _____ C:\Users\Joachim Groß\Downloads\KOBILTreiberSetup_x64x86_v2.3.03111(1).exe

2013-08-08 20:11 - 2012-09-04 19:44 - 00000000 ____D C:\Users\JOACHI~1\AppData\Local\Adobe

2013-08-08 20:10 - 2009-08-24 23:48 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-08-08 20:07 - 2013-08-08 20:07 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Joachim Groß\Downloads\Shockwave_Installer_Slim(2).exe

2013-08-08 20:06 - 2013-08-08 20:05 - 00000000 ____D C:\Users\Joachim Groß\.openecard

2013-08-08 19:44 - 2013-08-08 19:44 - 00000001 _____ C:\Users\Joachim Groß\.SIG_PINSTATUS_VOREINSTELLUNG

2013-08-08 19:44 - 2013-08-08 19:44 - 00000001 _____ C:\Users\Joachim Groß\.SIG_DIALOG_VOREINSTELLUNG

2013-08-08 18:57 - 2013-08-08 18:41 - 00000000 ____D C:\Users\Joachim Groß\.ausweisapp

2013-08-08 18:34 - 2013-08-08 18:34 - 00116864 _____ (KOBIL Systems GmbH) C:\Windows\system32\Drivers\KOBCCID.sys

2013-08-08 18:33 - 2009-08-24 23:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-08 18:20 - 2012-10-30 16:11 - 00000946 _____ C:\lxdo.log

2013-08-08 07:09 - 2012-09-04 15:07 - 00000000 ___RD C:\Users\Joachim Groß\Desktop\Tarifrechner
 

Files to move or delete:

====================

C:\Users\JOACHI~1\AppData\Local\Temp\Quarantine.exe

C:\Users\JOACHI~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-26 23:06
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition-LOG:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013

Ran by Joachim Groß at 2013-08-28 21:54:57

Running from C:\Users\Joachim Groß\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.2146.41621)

Acronis*True*Image*Home (x32 Version: 11.0.8105)

Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.5)

Adobe Acrobat 9.5.5 - CPSID_83708 (x32)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1.3)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)

Advertising Center (x32 Version: 0.0.0.2)

Alice Greenfingers (x32)

Amazonia (x32)

AMD USB Filter Driver (x32 Version: 1.0.11.86)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

ATI Catalyst Install Manager (Version: 3.0.732.0)

Avira Free Antivirus (x32 Version: 13.0.0.3885)

AxCrypt 1.7.2126.0 (Version: 1.7.2126.0)

Backup Manager Basic (x32 Version: 2.0.0.22)

Bonjour (Version: 3.0.0.10)

Brother MFL-Pro Suite MFC-260C (x32 Version: 1.0.2.0)

Brother MFL-Pro Suite MFC-6890CDW (x32 Version: 1.0.1.0)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498)

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498)

Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498)

Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498)

Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498)

Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498)

CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498)

CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498)

CCC Help Czech (x32 Version: 2009.0729.2226.38498)

CCC Help Danish (x32 Version: 2009.0729.2226.38498)

CCC Help Dutch (x32 Version: 2009.0729.2226.38498)

CCC Help English (x32 Version: 2009.0729.2226.38498)

CCC Help Finnish (x32 Version: 2009.0729.2226.38498)

CCC Help French (x32 Version: 2009.0729.2226.38498)

CCC Help German (x32 Version: 2009.0729.2226.38498)

CCC Help Greek (x32 Version: 2009.0729.2226.38498)

CCC Help Hungarian (x32 Version: 2009.0729.2226.38498)

CCC Help Italian (x32 Version: 2009.0729.2226.38498)

CCC Help Japanese (x32 Version: 2009.0729.2226.38498)

CCC Help Korean (x32 Version: 2009.0729.2226.38498)

CCC Help Norwegian (x32 Version: 2009.0729.2226.38498)

CCC Help Polish (x32 Version: 2009.0729.2226.38498)

CCC Help Portuguese (x32 Version: 2009.0729.2226.38498)

CCC Help Russian (x32 Version: 2009.0729.2226.38498)

CCC Help Spanish (x32 Version: 2009.0729.2226.38498)

CCC Help Swedish (x32 Version: 2009.0729.2226.38498)

CCC Help Thai (x32 Version: 2009.0729.2226.38498)

CCC Help Turkish (x32 Version: 2009.0729.2226.38498)

ccc-core-static (x32 Version: 2009.0729.2227.38498)

ccc-utility64 (Version: 2009.0729.2227.38498)

Chicken Invaders 2 (x32)

Choice Guard (x32 Version: 1.2.87.0)

Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)

CyberLink PowerDVD 8 (x32 Version: 8.0.3805.50)

Dairy Dash (x32)

DesignPro 5 (x32 Version: 5.5.708)

Deutsche Post E-Porto (x32 Version: 2.3.0)

Dream Day First Home (x32)

DriverMax 7 (x32 Version: 7.15.0.27)

DSL-Manager (x32)

DVDFab 8.0.8.5 (19/03/2011) (x32)

EaseUS Partition Master 9.2.1 Home Edition (x32)

eBay Worldwide (x32 Version: 2.1.0703)

Farm Frenzy 2 (x32)

FileZilla Client 3.7.1 (x32 Version: 3.7.1)

Google Update Helper (x32 Version: 1.3.21.123)

Granny In Paradise (x32)

Heroes of Hellas (x32)

Identity Card (x32 Version: 1.00.3001)

ImagXpress (x32 Version: 7.0.74.0)

inSSIDer 3 (x32 Version: 3.0.6.42)

InterRisk WinRisk 5.0.1 (x32 Version: 5.0.126.1)

iTunes (Version: 11.0.4.4)

Janitos Offline-Tarifrechner 3.2.5.2 (x32)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

JoGoVEREIN (x32 Version: 9.2.9)

Junior Icon Editor (x32 Version: 4.31)

Junk Mail filter update (x32 Version: 14.0.8064.206)

K-Lite Mega Codec Pack 9.7.2 (x32 Version: 9.7.2)

KOBIL drivers x64x86 installation (x32 Version: 1.013.02221)

KOBIL Kartenleser Treiber v2.3 (x32 Version: 2.3.03111)

KS-Win 2008 (HKCU Version: 1.4.50)

LAME v3.99.3 (for Windows) (x32)

Launch Manager (x32 Version: 3.0.04)

MAGIX Web Designer MX Premium (Version: 8.0.2.21761)

MAGIX Web Designer MX Premium (x32 Version: 8.0.2.21761)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Merriam Websters Spell Jam (x32)

Metaboli (x32 Version: 1.00.0006)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)

Microsoft .NET Framework 4 Extended (Version: 4.0.30320)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)

Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Suite Activation Assistant (x32 Version: 2.9)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (x32 Version: 3.5.5692.0)

Microsoft SQL Server Compact 3.5 SP1 x64 (Deutsch) (Version: 3.5.5692.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft XML Parser (x32 Version: 8.70.1104.04)

Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0)

MiniTool Partition Wizard Home Edition 7.6 (x32)

MozBackup 1.5.1 (x32)

Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

Mp3tag v2.54 (x32 Version: v2.54)

MSVCRT (x32 Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

MyFreeCodec (HKCU)

MyPhoneExplorer (x32 Version: 1.8.4)

NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)

Nero 9 Essentials (x32)

Nero ControlCenter (x32 Version: 9.0.0.1)

Nero DiscSpeed (x32 Version: 5.4.7.201)

Nero DiscSpeed Help (x32 Version: 5.4.4.100)

Nero DriveSpeed (x32 Version: 4.4.7.201)

Nero DriveSpeed Help (x32 Version: 4.4.4.100)

Nero Express Help (x32 Version: 9.4.9.100)

Nero InfoTool (x32 Version: 6.4.7.201)

Nero InfoTool Help (x32 Version: 6.4.4.100)

Nero Installer (x32 Version: 4.4.8.1)

Nero Online Upgrade (x32 Version: 1.3.0.0)

Nero StartSmart (x32 Version: 9.4.11.209)

Nero StartSmart Help (x32 Version: 9.4.1.100)

Nero StartSmart OEM (x32 Version: 9.4.10.100)

NeroExpress (x32 Version: 9.4.10.505)

neroxml (x32 Version: 1.0.0)

NexusFont 2.5 (ver 2.5.8.1582) (x32)

Notepad++ (x32 Version: 6.1.8)

NÜRNBERGER AutoUpdater (x32 Version: 1.2)

NÜRNBERGER BTplus 12.2012 (x32 Version: 12.12.4961.23628)

Packard Bell GameZone Console (x32 Version: 5.1.2.3)

Packard Bell InfoCentre (x32 Version: 3.02.3000)

Packard Bell MyBackup (x32 Version: 2.0.0.22)

Packard Bell Power Management (x32 Version: 4.05.3002)

Packard Bell Recovery Management (x32 Version: 4.05.3002)

Packard Bell Registration (x32 Version: 1.02.3004)

Packard Bell ScreenSaver (x32 Version: 1.4.0730)

Packard Bell Updater (x32 Version: 1.02.3502)

PaperPort Image Printer 64-bit (Version: 1.00.0000)

PDF-XChange Viewer (Version: 2.5.197.0)

QuickTime (x32 Version: 7.74.80.86)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6622)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30102)

RSA SecurID Software Token (x32 Version: 4.1.0)

RSA Smart Card Middleware 3.5 (x32 Version: 3.5.3.36)

SAliA (x32)

Samsung Kies (x32 Version: 2.5.2.13021_10)

Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)

serviceOFFICE (x32 Version: 07/2012)

Skype Click to Call (x32 Version: 6.3.11079)

Skype™ 6.5 (x32 Version: 6.5.158)

SopCast 3.4.8 (x32 Version: 3.4.8)

Star Defender 4 (x32)

Steganos Safe 11 (x32 Version: 11.1.6)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 13.2.2.0)

tty - Kleines aber eindrucksvolles Screenshot Tool (Version: 2.0.2.216)

TuneUp Utilities 2013 (x32 Version: 13.0.3020.2)

TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73)

TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)

Update für Microsoft Office Excel 2007 Help (KB963678) (x32)

Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update für Microsoft Office Word 2007 Help (KB963665) (x32)

VHV RECOMAX (x32 Version: 7.00)

VHV-Tarifprogramm (x32 Version: 50.0.37)

Video Web Camera (x32 Version: 0.5.11.1)

VirtualDJ Home FREE (x32 Version: 7.0.5)

Web Designer Premium MX Update (Version: 8.1.4.24749)

Welcome Center (x32 Version: 1.00.3005)

Win7codecs (x32 Version: 3.9.8)

Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)

Windows Live Call (x32 Version: 14.0.8064.0206)

Windows Live Communications Platform (x32 Version: 14.0.8064.206)

Windows Live Essentials (x32 Version: 14.0.8064.0206)

Windows Live Essentials (x32 Version: 14.0.8064.206)

Windows Live Fotogalerie (x32 Version: 14.0.8064.206)

Windows Live Mail (x32 Version: 14.0.8064.0206)

Windows Live Sync (x32 Version: 14.0.8064.206)

Windows Live Writer (x32 Version: 14.0.8064.0206)

Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader  (05/17/2005 5.2.3790.2444) (Version: 05/17/2005 5.2.3790.2444)

winOVAG (x32 Version: 3.5.2)

WinRAR 4.20 (64-Bit) (Version: 4.20.0)

x64 Components v3.9.8 (Version: 3.9.8)
 

==================== Restore Points  =========================
 

22-08-2013 23:19:05 Installed 7-Zip 9.20 (x64 edition)

27-08-2013 18:13:26 ComboFix created restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2013-08-27 20:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {044BD47D-B05E-48D9-998A-AADCA6D0830D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => P:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)

Task: {0845338B-E4A7-45A9-BB3E-DF943E5E81A6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)

Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)

Task: {1B995A56-0108-4E08-A34F-31A313FE30CE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)

Task: {33CD4F2D-786D-497B-A784-733F05AE63AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)

Task: {4DEDCA63-BC35-4DD8-8EFC-96CA7CB48CA5} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1440365351-2256435467-2640812653-1000 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)

Task: {4E6B8204-CC18-4E01-8F84-5A68190A4969} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)

Task: {78505BE2-969D-4F86-BF39-CCFC8E9B1F91} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {7F822FA9-E58F-4FCD-845C-1B107C0675DA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)

Task: {8D930525-6E9C-466D-9DC1-3EEFC8EC512C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)

Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)

Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)

Task: {A7E59F34-F144-4164-BE5E-3596110D676B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)

Task: {ABE1491D-846B-400B-B40D-0A749C18B919} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)

Task: {B3B1B254-1BBD-436E-A342-CDC613402AC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)

Task: {C7730512-6D3A-4F44-BDFB-56170CC90600} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)

Task: {D835D69B-3728-4281-B8D9-986FC20DB712} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)

Task: {D89EE9C5-4AAB-4CA5-BD76-8FE3888E579A} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)

Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)

Task: {F970DE6F-93E8-48CD-AA48-8083795EB9B1} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Alternate Data Streams (whitelisted) ==========
 

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/27/2013 09:46:00 PM) (Source: Application Hang) (User: )

Description: Programm integrator.exe, Version 13.0.3020.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 108c
 

Startzeit: 01cea35d8460a4b9
 

Endzeit: 14
 

Anwendungspfad: P:\Program Files (x86)\TuneUp Utilities 2013\integrator.exe
 

Berichts-ID: 4880065c-0f51-11e3-8766-00262265cf54
 

Error: (08/27/2013 09:45:11 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: integrator.exe, Version: 13.0.3020.2, Zeitstempel: 0x510679ce

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a

Ausnahmecode: 0x0eedfade

Fehleroffset: 0x0000c41f

ID des fehlerhaften Prozesses: 0x108c

Startzeit der fehlerhaften Anwendung: 0xintegrator.exe0

Pfad der fehlerhaften Anwendung: integrator.exe1

Pfad des fehlerhaften Moduls: integrator.exe2

Berichtskennung: integrator.exe3
 
 

System errors:

=============

Error: (08/28/2013 08:33:40 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80070422
 

Error: (08/28/2013 08:33:25 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80070422
 

Error: (08/28/2013 08:31:35 PM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

amdkmafd
 

Error: (08/27/2013 09:15:40 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80070422
 

Error: (08/27/2013 09:15:18 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80070422
 

Error: (08/27/2013 09:13:38 PM) (Source: Service Control Manager) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

amdkmafd
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2013-08-27 20:26:38.763

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-08-27 20:26:38.422

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 40%

Total physical RAM: 4092.2 MB

Available physical RAM: 2439.01 MB

Total Pagefile: 8182.59 MB

Available Pagefile: 5969.92 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Packard Bell) (Fixed) (Total:203.48 GB) (Free:111.48 GB) NTFS

Drive e: (Externe Daten-1TB-01) (Fixed) (Total:931.51 GB) (Free:553.09 GB) NTFS

Drive p: (Programme und Daten) (Fixed) (Total:250.17 GB) (Free:25.43 GB) NTFS

Drive z: (Privat) (Removable) (Total:35.07 GB) (Free:18.59 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4C79441A)

Partition 1: (Not Active) - (Size=12 GB) - (Type=27)

Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=203 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=250 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (Size: 932 GB) (Disk ID: 0D555636)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

SYSTEM-Look LOG:

Code:

SystemLook 30.07.11 by jpshortstuff

Log created at 21:59 on 28/08/2013 by Joachim Groß

Administrator - Elevation successful
 

========== filefind ==========
 

Searching for "*EasyLife*"

No files found.
 

Searching for "*LyricsPal*"

No files found.
 

Searching for "*simplitec*"

No files found.
 

Searching for "*Softonic*"

No files found.
 

========== folderfind ==========
 

Searching for "*EasyLife*"

C:\Qoobox\Quarantine\C\Program Files (x86)\EasyLife        d------        [18:26 27/08/2013]
 

Searching for "*LyricsPal*"

C:\Qoobox\Quarantine\C\Program Files (x86)\LyricsPal        d------        [18:26 27/08/2013]
 

Searching for "*simplitec*"

C:\AdwCleaner\Quarantine\C\ProgramData\simplitec        d------        [18:36 27/08/2013]

C:\AdwCleaner\Quarantine\C\Users\Joachim Groß\AppData\Roaming\simplitec        d------        [18:36 27/08/2013]
 

Searching for "*Softonic*"

No folders found.
 

========== regfind ==========
 

Searching for "EasyLife"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com]

[HKEY_USERS\S-1-5-21-1440365351-2256435467-2640812653-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com]
 

Searching for "LyricsPal"

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{be3f2680-f8c4-43d8-ac73-87231c1666dc}"="C:\Program Files (x86)\LyricsPal\130.xpi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc]

"Path"="C:\Program Files (x86)\LyricsPal\130.crx"

[HKEY_USERS\S-1-5-21-1440365351-2256435467-2640812653-1000\Software\Mozilla\Firefox\Extensions]

"{be3f2680-f8c4-43d8-ac73-87231c1666dc}"="C:\Program Files (x86)\LyricsPal\130.xpi"
 

Searching for "simplitec"

No data found.
 

Searching for "Softonic"

No data found.
 

-= EOF =-

Sieht aus als wäre alles sauber.
Keine - zumindest nicht erkennbare - Probleme mit Malware.
Rechner läuft rund und schneller asl zuvor.

Vielen Dank noch mal.