Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Plugin Start! Poppt auf, nach wh. Spam-Mail (https://www.trojaner-board.de/145873-plugin-start-poppt-wh-spam-mail.html)

Sabomnim 10.12.2013 16:52
Plugin Start! Poppt auf, nach wh. Spam-Mail
 
Hallo Trojaner-Board-Team!

Ich habe vorher eine E-Mail geöffnet (lt. Absender von DHL) und den Anhang geöffnet, da es hieß dort steht mehr über meine Lieferung. Seitdem poppt ein Fenster auf "Plugin Start"! und nur ein OK Butten steht zur Verfügung. Ich traue mich jetzt nicht, diesen Button anzuklicken. Manchmal dauert es jetzt auch ewig, einen neuen Tab im Browser zu öffnen.

Vielen Dank für die baldige Antwort.

Im Anhang die Logs, weil diese zu groß für diese Nachriccht waren

schrauber 10.12.2013 17:11
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Sabomnim 10.12.2013 17:15
Ok! Hier die ersten drei


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:30 on 10/12/2013 (user)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by user (administrator) on MICHI on 10-12-2013 14:32:22
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVM Berlin) C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-11-18] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] ()
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-22] (AVM Berlin)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [MySQL Notifier] - C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKCU\...\RunOnce: [sidebar] - C:\Users\user\AppData\Roaming\Sample.lnk [871 2013-12-10] ()
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: {460e5720-5aea-11e2-9d35-90004eaab123} - F:\setup.exe -a
MountPoints2: {85a75559-0286-11e3-b64c-f0bf97152eab} - F:\LaunchU3.exe -a
MountPoints2: {8be32837-bf5c-11e2-b6a5-f0bf97152eab} - F:\SISetup.exe
MountPoints2: {948e19bb-a4e4-11e1-bdcb-90004eaab123} - E:\setup.exe
MountPoints2: {c1aade4b-12da-11e1-817c-90004eaab123} - E:\Setup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [900160 2012-08-08] (Sophos Limited)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\progra~2\sophos\sophos~1\sophos~2.dll [ ] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll  [3618304 2013-11-18] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEF&bmod=SVEF
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
SearchScopes: HKCU - {21E65FE6-8C22-4527-8D3D-77E7D924299D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-16/4?mpre=hxxp://shop.ebay.de/?_nkw={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {C73F90D8-128A-4161-AA44-82A1E0595562} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQVSbGKpO&i=26
SearchScopes: HKCU - {DD469079-DD4D-4DC2-8FB6-9AB2B562859C} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {FFF853DF-3C6F-47DB-8D14-EC4683EADF3E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0C3BB902-103D-4FA3-8D3D-7EC07F629C50&apn_sauid=6D039B75-C18A-40A3-B60A-C93D91632CA3
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 24 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Winsock: Catalog9-x64 24 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [126528] (Sophos Limited)
Tcpip\..\Interfaces\{B003EFE9-2051-4BF7-92A4-78938871341D}: [NameServer]10.150.128.2

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&installDate=01/10/2013&q=
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net
FF Extension: Delta Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@incredibar.com
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\staged
FF Extension: client - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net.xpi
FF Extension: firefox-hotfix - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
CHR RestoreOnStartup: "hxxp://golem.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (ProxTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.6_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\user\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-22] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14236 2013-10-11] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2012-09-17] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2012-07-26] (Sophos Limited)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [162408 2013-06-21] ()
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232512 2012-08-08] ()
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-07-26] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2863168 2012-09-17] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2009152 2012-08-08] ()
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-22] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-22] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-22] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-22] (AVM Berlin)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-01-15] (Connectify)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2010-12-27] (REDC)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [144672 2012-07-26] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-07-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-07-31] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-07-16] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 14:32 - 2013-12-10 14:33 - 00029605 _____ C:\Users\user\Downloads\FRST.txt
2013-12-10 14:32 - 2013-12-10 14:32 - 00000000 ____D C:\FRST
2013-12-10 14:31 - 2013-12-10 14:31 - 01927982 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-10 14:12 - 2013-12-10 14:12 - 00000000 ___HD C:\Users\user\AppData\Roaming\DataWork
2013-12-10 14:09 - 2013-12-10 14:30 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-10 13:31 - 2013-12-10 14:12 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:49 - 2013-12-09 14:49 - 00002213 _____ C:\Users\user\Desktop\ArgoUML.lnk
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Program Files (x86)\ArgoUML
2013-12-09 14:31 - 2013-12-09 14:32 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-06 13:17 - 2013-12-09 11:01 - 00000151 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-12-06 12:48 - 2013-12-06 12:49 - 00000043 _____ C:\Users\user\Desktop\Pflichtenehft.txt
2013-11-30 08:01 - 2013-12-10 03:06 - 00009089 _____ C:\Windows\IE11_main.log
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-21 22:09 - 2013-11-21 22:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-16 21:57 - 2013-11-16 21:58 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-14 23:23 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 23:23 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 23:23 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 23:23 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc
2013-11-14 08:48 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:48 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 08:48 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:48 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:48 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 08:48 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:48 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 08:48 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:48 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:48 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 08:48 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:48 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 01:15 - 2013-11-10 01:15 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-11-10 01:15 - 2013-11-10 01:15 - 00000000 ____D C:\Windows\SysWOW64\Extensions

==================== One Month Modified Files and Folders =======

2013-12-10 14:33 - 2013-12-10 14:32 - 00029605 _____ C:\Users\user\Downloads\FRST.txt
2013-12-10 14:32 - 2013-12-10 14:32 - 00000000 ____D C:\FRST
2013-12-10 14:31 - 2013-12-10 14:31 - 01927982 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-10 14:30 - 2013-12-10 14:09 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:26 - 2011-07-31 18:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-12-10 14:18 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 14:18 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 14:17 - 2011-03-03 12:42 - 00665934 _____ C:\Windows\system32\perfh007.dat
2013-12-10 14:17 - 2011-03-03 12:42 - 00135522 _____ C:\Windows\system32\perfc007.dat
2013-12-10 14:17 - 2009-07-14 06:13 - 01531240 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 14:14 - 2011-04-01 16:39 - 01698976 _____ C:\Windows\WindowsUpdate.log
2013-12-10 14:12 - 2013-12-10 14:12 - 00000000 ___HD C:\Users\user\AppData\Roaming\DataWork
2013-12-10 14:12 - 2013-12-10 13:31 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-10 14:12 - 2012-10-15 21:46 - 00000000 ___RD C:\Users\user\DropBox
2013-12-10 14:12 - 2012-10-15 21:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2013-12-10 14:10 - 2013-01-15 12:36 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-10 14:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 14:10 - 2009-07-14 05:51 - 00169664 _____ C:\Windows\setupact.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-10 14:09 - 2011-09-05 17:42 - 00000000 ____D C:\Users\user\Documents\Outlook-Dateien
2013-12-10 13:31 - 2011-04-01 16:42 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-10 12:07 - 2011-09-07 20:05 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA.job
2013-12-10 03:07 - 2011-09-07 20:05 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core.job
2013-12-10 03:06 - 2013-11-30 08:01 - 00009089 _____ C:\Windows\IE11_main.log
2013-12-09 19:39 - 2012-01-09 16:11 - 00036232 _____ C:\Windows\avmacc.log
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:49 - 2013-12-09 14:49 - 00002213 _____ C:\Users\user\Desktop\ArgoUML.lnk
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Program Files (x86)\ArgoUML
2013-12-09 14:35 - 2011-03-03 04:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 14:32 - 2013-12-09 14:31 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-09 14:30 - 2013-10-31 15:39 - 00000000 ____D C:\Users\user\AppData\Local\Eclipse
2013-12-09 11:01 - 2013-12-06 13:17 - 00000151 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-12-06 12:49 - 2013-12-06 12:48 - 00000043 _____ C:\Users\user\Desktop\Pflichtenehft.txt
2013-12-02 16:38 - 2011-08-04 14:54 - 00000000 ____D C:\Users\user\Documents\Freizeit
2013-11-30 21:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 08:17 - 2011-07-31 15:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 08:17 - 2011-03-03 04:48 - 00168364 _____ C:\Windows\PFRO.log
2013-11-30 08:00 - 2009-07-14 03:34 - 00000510 _____ C:\Windows\win.ini
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-28 13:59 - 2013-10-21 17:09 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-25 13:22 - 2011-07-31 15:13 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2013-11-25 12:32 - 2011-11-07 12:01 - 00000000 ____D C:\JAVAWORK
2013-11-25 12:13 - 2013-10-17 14:14 - 00000000 ____D C:\Users\user\AppData\Local\WinZip
2013-11-25 11:26 - 2013-10-01 09:13 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-21 22:09 - 2013-11-21 22:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 16:01 - 2013-08-02 16:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2013-11-20 15:49 - 2011-03-03 04:04 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-11-20 15:49 - 2011-03-03 03:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-20 15:47 - 2011-04-12 11:09 - 00000000 ____D C:\Users\user\AppData\Local\Sony Corporation
2013-11-20 15:47 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files\Sony
2013-11-20 15:40 - 2012-05-27 19:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-20 15:38 - 2011-03-03 04:04 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2013-11-20 15:37 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files (x86)\Sony
2013-11-20 11:06 - 2013-10-11 12:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Oracle
2013-11-19 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-17 19:13 - 2011-03-03 04:28 - 00426708 _____ C:\Windows\DirectX.log
2013-11-17 19:09 - 2012-05-30 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-17 19:09 - 2011-04-01 16:42 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-17 03:03 - 2011-10-13 17:19 - 580261658 _____ C:\Windows\MEMORY.DMP
2013-11-17 03:03 - 2011-10-13 17:19 - 00000000 ____D C:\Windows\Minidump
2013-11-16 21:58 - 2013-11-16 21:57 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-15 10:17 - 2011-07-30 16:47 - 00022237 _____ C:\test.xml
2013-11-14 23:20 - 2013-07-14 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:17 - 2011-12-18 14:09 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc
2013-11-12 14:23 - 2012-11-26 22:26 - 00000000 ____D C:\Eclipse
2013-11-11 05:50 - 2011-07-31 15:24 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 01:15 - 2013-11-10 01:15 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-11-10 01:15 - 2013-11-10 01:15 - 00000000 ____D C:\Windows\SysWOW64\Extensions

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 03:28

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2013
Ran by user at 2013-12-10 14:34:01
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

Active@ ISO Burner (x32 Version: 2.5.1)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (x32 Version: 11.4.402.287)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Reader 9.4.7 MUI (x32 Version: 9.4.7)
AGEIA PhysX v7.03.21 (x32 Version: 7.03.21)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.134)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.444)
ArgoUML 0.34 (x32 Version: 0.34)
ATI Catalyst Install Manager (Version: 3.0.808.0)
Avira Antivirus Premium 2012 (x32 Version: 12.0.0.1185)
BitGuard (x32) <==== ATTENTION
Bonjour (Version: 3.0.0.10)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0127.629.11510)
Catalyst Control Center InstallProxy (x32 Version: 2011.0127.629.11510)
Catalyst Control Center Localization All (x32 Version: 2011.0127.629.11510)
CCC Help Chinese Standard (x32 Version: 2011.0127.0628.11510)
CCC Help Chinese Traditional (x32 Version: 2011.0127.0628.11510)
CCC Help Czech (x32 Version: 2011.0127.0628.11510)
CCC Help Danish (x32 Version: 2011.0127.0628.11510)
CCC Help Dutch (x32 Version: 2011.0127.0628.11510)
CCC Help English (x32 Version: 2011.0127.0628.11510)
CCC Help Finnish (x32 Version: 2011.0127.0628.11510)
CCC Help French (x32 Version: 2011.0127.0628.11510)
CCC Help German (x32 Version: 2011.0127.0628.11510)
CCC Help Greek (x32 Version: 2011.0127.0628.11510)
CCC Help Hungarian (x32 Version: 2011.0127.0628.11510)
CCC Help Italian (x32 Version: 2011.0127.0628.11510)
CCC Help Japanese (x32 Version: 2011.0127.0628.11510)
CCC Help Korean (x32 Version: 2011.0127.0628.11510)
CCC Help Norwegian (x32 Version: 2011.0127.0628.11510)
CCC Help Polish (x32 Version: 2011.0127.0628.11510)
CCC Help Portuguese (x32 Version: 2011.0127.0628.11510)
CCC Help Russian (x32 Version: 2011.0127.0628.11510)
CCC Help Spanish (x32 Version: 2011.0127.0628.11510)
CCC Help Swedish (x32 Version: 2011.0127.0628.11510)
CCC Help Thai (x32 Version: 2011.0127.0628.11510)
ccc-core-static (x32 Version: 2011.0127.629.11510)
ccc-utility64 (Version: 2011.0127.629.11510)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.08057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Command & Conquer 3 (x32 Version: 1.00.0000)
Command & Conquer™ 3: Kanes Rache (x32 Version: 1.00.0000)
Complément Messenger (x32 Version: 15.4.3502.0922)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delta Chrome Toolbar (x32) <==== ATTENTION
Delta toolbar  (x32 Version: 1.8.24.6) <==== ATTENTION
Dropbox (HKCU Version: 1.4.17)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
Empire Earth - Ultimate Edition (x32 Version: 1.0)
Empire Earth III Public Demo (x32 Version: 1.00.0000)
Facebook Video Calling 1.2.0.159 (x32 Version: 1.2.159)
Free Studio version 5.7.7.1031 (x32 Version: 5.7.7.1031)
Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031)
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 21.0.1180.89)
Google Earth (x32 Version: 6.2.2.6613)
Google Update Helper (x32 Version: 1.3.21.115)
HP LaserJet Professional P1100-P1560-P1600 Series
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)
iTunes (Version: 10.6.3.25)
Java 7 Update 11 (x32 Version: 7.0.110)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Java(TM) SE Development Kit 6 Update 29 (64-bit) (Version: 1.6.0.290)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MotoHelper 2.0.45 Driver 5.0.0 (x32 Version: 2.0.45)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 15.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MySQL Connector C++ 1.1.3 (Version: 1.1.3)
MySQL Connector J (x32 Version: 5.1.26)
MySQL Connector Net 6.7.4 (x32 Version: 6.7.4)
MySQL Connector/ODBC 5.2 64bit (community edition) (Version: 5.2.5)
MySQL Documents 5.6 (x32 Version: 5.6.14)
MySQL Examples and Samples 5.6 (x32 Version: 5.6.14)
MySQL For Excel 1.1.1 (x32 Version: 1.1.1)
MySQL Installer (x32 Version: 1.3.3.0)
MySQL Notifier 1.1.4 (x32 Version: 1.1.4)
MySQL Server 5.6 (Version: 5.6.14)
MySQL Utilities (x32 Version: 1.3.4)
MySQL Workbench 6.0 CE (x32 Version: 6.0.7)
Norton Online Backup (x32 Version: 2.1.17869)
Notepad++ (x32 Version: 5.9.5)
Outlook Backup Assistant 7 (Testversion) (x32 Version: 7.0)
PDF24 Creator 5.2.0 (x32)
PDFCreator (x32 Version: 1.7.1)
PMB (x32 Version: 5.5.00.11260)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300)
PMB VAIO Edition Plug-in (x32 Version: 1.4.00.09190)
PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150)
Quick Web Access (x32 Version: 1.4.7.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Remote Keyboard (x32 Version: 1.1.1.07060)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
Secure Download Manager (x32 Version: 3.1.30)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
Sophos Anti-Virus (x32 Version: 10.0.8)
Sophos AutoUpdate (x32 Version: 2.7.4.317)
Synaptics Pointing Device Driver (Version: 15.1.8.0)
Universal Adb Driver (x32 Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020)
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.10.11160)
VAIO - Remote-Tastatur  (x32 Version: 1.1.0.07060)
VAIO Control Center (x32 Version: 4.4.0.11260)
VAIO Data Restore Tool (x32 Version: 1.5.0.10140)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.3.0.11220)
VAIO Hardware Diagnostics (x32 Version: 4.1.0.10120)
VAIO Media plus (Version: 2.1.0.23300)
VAIO Media plus (x32 Version: 2.1.0.23300)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Update (x32 Version: 5.6.1.02150)
VAIO Update Merge Module x64 (Version: 5.6.10270)
VAIO Update Merge Module x64 (Version: 5.7.13130)
VAIO-Handbuch (x32 Version: 1.2.0.11040)
VAIO-Support für Übertragungen (x32 Version: 1.3.0.11250)
VLC media player 2.1.0 (Version: 2.1.0)
VU5x64 (Version: 1.0.0)
VU5x86 (x32 Version: 1.0.0)
WIDCOMM Bluetooth Software (Version: 6.3.0.6300)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.5 (Version: 17.5.10480)
Компаньон Messenger (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

29-11-2013 07:52:50 Windows Update
30-11-2013 02:01:33 Windows Update
02-12-2013 02:00:54 Windows Update
06-12-2013 14:57:49 Windows Update
09-12-2013 13:34:28 Installed Java(TM) 6 Update 2
09-12-2013 18:33:48 Gerätetreiber-Paketinstallation: AVM Berlin AVM USB-Fernanschluss
10-12-2013 02:00:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E306389-2D72-47E3-88AE-A65F6139BC3F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2012-01-17] ()
Task: {0FAF5D0E-A493-4D66-A019-E4460720CDBC} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {14C82AC7-2D10-4A0B-907F-6D60E833F543} - System32\Tasks\{2D475C70-344E-4433-B51F-86E43DF54A71} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsProgressBar
Task: {1F5DC3B2-85CE-4590-BE36-5E6D2BDA0799} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {2309D48F-B96A-4F88-A638-43AB9F58D0D2} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {2A8BD871-38BD-4411-838D-935EF4160E46} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update Common\ShellExeProxy.exe [2012-01-13] (Sony Corporation)
Task: {5A85730D-CEE9-42B2-8ABD-958FFDB9C4CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] ()
Task: {60BE8BCC-2CFE-4100-9D9F-2616D45535C9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] ()
Task: {645A0943-87CF-4FFF-8232-B6D252916D86} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {6764E7C2-1930-40BB-85AD-92047DE74823} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {9F1DFD1C-EB6A-498A-80F2-0DF8B3610C16} - System32\Tasks\{B5285F32-E8E2-4E65-91AF-D75DC24DA72B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1601
Task: {9FC4F3BD-A42A-495C-A8D9-4BC448EC34DB} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {A18D72D2-CAE7-492D-95CF-5B8C8BF66562} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2011-03-04] (Sony Corporation)
Task: {AA1D380C-4D5B-46BF-A75F-866A85350AD2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] ()
Task: {B04CD458-22CE-45ED-97E1-6619D51DCFBA} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {C1729742-D671-4F83-B069-50C2968602AD} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2011-03-04] (Sony Corporation)
Task: {C23AD0E1-F059-4613-9FBC-8D18D90B6D9C} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {C7AED403-6C93-406E-A647-5511BDA33E25} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {CB2D04A0-8169-49F4-B1EA-45EAD1AE857F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {E52BCF34-9F67-438C-BC2F-A875DD3FDCBE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {F61B6CC9-8693-4154-849E-CF9426520F57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] ()
Task: {FB4BEB31-1AEC-4BFB-BD4A-51406D654955} - System32\Tasks\EPUpdater => C:\Users\user\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-21 22:09 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-01-27 06:27 - 2011-01-27 06:27 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-21 22:09 - 2013-11-18 15:31 - 03618304 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2011-10-13 17:26 - 2012-05-22 21:52 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-03-03 04:04 - 2010-12-23 16:24 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2013-08-16 23:03 - 2013-08-16 23:03 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\cd9a4b4dbc1a4b564ebed696e18cadb6\IsdiInterop.ni.dll
2011-03-03 03:55 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-01 14:08 - 2012-08-30 03:58 - 03997720 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
2012-09-01 14:08 - 2012-08-30 03:58 - 00442392 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
2012-09-01 14:08 - 2012-08-30 03:57 - 02480680 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
2012-09-01 14:08 - 2012-08-30 03:57 - 00144424 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
2012-09-01 14:08 - 2012-08-30 03:57 - 00266792 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
2012-09-01 14:08 - 2012-08-30 03:58 - 12237336 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
2012-09-01 14:08 - 2012-08-30 03:57 - 00526872 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
2012-09-01 14:08 - 2012-08-30 03:57 - 00104984 _____ () C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AVM USB-Fernanschluss
Description: AVM USB-Fernanschluss
Class Guid: {59e75f1d-160e-4aba-bb5c-1c179b8e9b7a}
Manufacturer: AVM Berlin
Service: avmaura
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: AVM USB-Fernanschluss
Description: AVM USB-Fernanschluss
Class Guid: {59e75f1d-160e-4aba-bb5c-1c179b8e9b7a}
Manufacturer: AVM Berlin
Service: avmaura
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 02:10:42 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (12/10/2013 01:38:17 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (12/10/2013 01:29:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d42
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000020a7a
ID des fehlerhaften Prozesses: 0x16b0
Startzeit der fehlerhaften Anwendung: 0xwmiprvse.exe0
Pfad der fehlerhaften Anwendung: wmiprvse.exe1
Pfad des fehlerhaften Moduls: wmiprvse.exe2
Berichtskennung: wmiprvse.exe3

Error: (12/10/2013 01:22:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/10/2013 02:10:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/10/2013 02:10:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/10/2013 02:10:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5

Error: (12/10/2013 02:10:12 PM) (Source: avmaura) (User: )
Description: AURA

Error: (12/10/2013 02:10:12 PM) (Source: avmaura) (User: )
Description: AURA

Error: (12/10/2013 01:38:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/10/2013 01:38:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/10/2013 01:38:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5

Error: (12/10/2013 01:36:34 PM) (Source: avmaura) (User: )
Description: AURA

Error: (12/10/2013 01:36:34 PM) (Source: avmaura) (User: )
Description: AURA


Microsoft Office Sessions:
=========================
Error: (12/10/2013 02:10:42 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x0

Error: (12/10/2013 01:38:17 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x0

Error: (12/10/2013 01:29:17 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe6.1.7601.175144ce79d42ntdll.dll6.1.7601.18247521eaf24c00000050000000000020a7a16b001cef421fc8cd031C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\SYSTEM32\ntdll.dllaf72cc8a-6196-11e3-809a-f0bf97152eab

Error: (12/10/2013 01:22:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$Recycle.Bin\S-1-5-21-1197489842-2163357240-3087932191-1000\$RBCJ41L.exe

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (12/10/2013 10:42:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (12/10/2013 10:42:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4077.28 MB
Available physical RAM: 1783.37 MB
Total Pagefile: 8152.74 MB
Available Pagefile: 5248.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.15 GB) (Free:142.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E6E59FC3)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=281 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Sabomnim 10.12.2013 17:16
Und noch Gmer:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-10 16:18:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH01 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1924] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                              000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                                                  0000000077901600 6 bytes [48, B8, 60, 23, BF, 02]
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                                              0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                                        00000000779017d0 6 bytes [48, B8, 40, 2B, BF, 02]
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                                    00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                        00000000779018b0 6 bytes [48, B8, B0, 2E, BF, 02]
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                    00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                                                00000000779a7f11 11 bytes {MOV EAX, 0x2bf2e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\Dwm.exe[536] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                            000007fefdde8001 11 bytes {MOV EAX, 0x2bf4490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                                                    0000000077901600 6 bytes [48, B8, 60, 23, 2E, 03]
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                                                0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                                          00000000779017d0 6 bytes [48, B8, 40, 2B, 2E, 03]
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                                      00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                            00000000779018b0 6 bytes [48, B8, B0, 2E, 2E, 03]
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                        00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                                                  00000000779a7f11 11 bytes {MOV EAX, 0x32e2e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                                                                          00000000777a23d0 5 bytes JMP 000000016fff00d8
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                                                                                                000000007781f6c0 8 bytes JMP 000000016fff0110
.text  C:\Windows\Explorer.EXE[1364] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                        000007fefe7f7490 11 bytes JMP 000007fffe7c00d8
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                                            0000000077901600 6 bytes [48, B8, 60, 23, 94, 04]
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                                        0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                                  00000000779017d0 6 bytes [48, B8, 40, 2B, 94, 04]
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                              00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                  00000000779018b0 6 bytes [48, B8, B0, 2E, 94, 04]
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                              00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                                          00000000779a7f11 11 bytes {MOV EAX, 0x4942e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                      000007fefdde8001 11 bytes {MOV EAX, 0x4944490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\wininet.dll!HttpSendRequestW + 1                                                                                                                          000007fefde46f11 11 bytes {MOV EAX, 0x4943100; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\wininet.dll!HttpSendRequestA + 1                                                                                                                          000007fefdf2cb61 11 bytes {MOV EAX, 0x49433a0; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                                            0000000077901600 6 bytes [48, B8, 60, 23, EE, 01]
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                                        0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                                  00000000779017d0 6 bytes [48, B8, 40, 2B, EE, 01]
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                              00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                                    00000000779018b0 6 bytes [48, B8, B0, 2E, EE, 01]
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                                00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                                          00000000779a7f11 11 bytes {MOV EAX, 0x1ee2e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Windows\system32\taskeng.exe[2088] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                        000007fefdde8001 11 bytes {MOV EAX, 0x1ee4490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                    000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2328] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                          0000000075a048cb 5 bytes JMP 00000001737143d0
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2328] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                          0000000075a04977 5 bytes JMP 0000000173714200
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                        000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000077a61465 2 bytes [A6, 77]
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2448] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                      000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2500] C:\Windows\syswow64\kernel32.dll!LoadLibraryW                                                                          0000000075a048cb 5 bytes JMP 00000001737143d0
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2500] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                          0000000075a04977 5 bytes JMP 0000000173714200
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                        000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000077a61465 2 bytes [A6, 77]
.text  C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[2776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\SysWOW64\NLSSRV32.EXE[2820] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Windows\SysWOW64\NLSSRV32.EXE[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Windows\SysWOW64\NLSSRV32.EXE[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                      000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2548] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[1976] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                    000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3076] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3140] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                        000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                      000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                    000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                    000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\SysWOW64\DllHost.exe[3400] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Windows\SysWOW64\DllHost.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Windows\SysWOW64\DllHost.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\SysWOW64\DllHost.exe[3512] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Windows\SysWOW64\DllHost.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Windows\SysWOW64\DllHost.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                0000000077901600 5 bytes [48, B8, 60, 23, 31]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                            0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                      00000000779017d0 5 bytes [48, B8, 40, 2B, 31]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                  00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                      00000000779018b0 5 bytes [48, B8, B0, 2E, 31]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                  00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                              00000000779a7f11 11 bytes {MOV EAX, 0x312e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe[3784] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                          000007fefdde8001 11 bytes {MOV EAX, 0x314490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3736] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                          000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                              0000000077aafd98 6 bytes [68, 40, 1C, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                    0000000077ab0068 6 bytes [68, 70, 21, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                    0000000077ab01c4 6 bytes [68, 70, 24, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                0000000077b2f8ea 7 bytes [68, 10, 24, C6, 03, C3, 7D]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\WS2_32.dll!send                                                                                                            0000000076f06f01 6 bytes [68, C0, 36, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                                00000000774e7676 6 bytes [68, 30, 26, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                                00000000775b3456 6 bytes [68, 00, 28, C6, 03, C3]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\user32.DLL!DialogBoxParamW                                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\SysWOW64\schtasks.exe[4436] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Windows\SysWOW64\schtasks.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Windows\SysWOW64\schtasks.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                              0000000077901600 6 bytes [48, B8, 60, 23, 13, 02]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                          0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                    00000000779017d0 6 bytes [48, B8, 40, 2B, 13, 02]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                    00000000779018b0 6 bytes [48, B8, B0, 2E, 13, 02]
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                            00000000779a7f11 11 bytes {MOV EAX, 0x2132e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4596] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                        000007fefdde8001 11 bytes {MOV EAX, 0x2134490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                              0000000077901600 6 bytes [48, B8, 60, 23, 0B, 02]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                          0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                                    00000000779017d0 6 bytes [48, B8, 40, 2B, 0B, 02]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                                00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                      00000000779018b0 6 bytes [48, B8, B0, 2E, 0B, 02]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                                  00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                            00000000779a7f11 11 bytes {MOV EAX, 0x20b2e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                          000007fefdde8001 11 bytes {MOV EAX, 0x20b4490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1                                                                                                            000007fefde46f11 11 bytes {MOV EAX, 0x20b3100; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4616] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1                                                                                                            000007fefdf2cb61 11 bytes {MOV EAX, 0x20b33a0; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile        0000000077aafd98 4 bytes [68, 40, 1C, 4F]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5    0000000077aafd9d 1 byte [C3]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread              0000000077ab0068 4 bytes [68, 70, 21, 4F]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5          0000000077ab006d 1 byte [C3]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey              0000000077ab01c4 4 bytes [68, 70, 24, 4F]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5          0000000077ab01c9 1 byte [C3]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin          0000000077b2f8ea 7 bytes [68, 10, 24, 4F, 00, C3, 7D]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000077a61465 2 bytes [A6, 77]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\WININET.dll!HttpSendRequestW          00000000774e7676 6 bytes [68, 30, 26, 4F, 00, C3]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\WININET.dll!HttpSendRequestA          00000000775b3456 6 bytes [68, 00, 28, 4F, 00, C3]
.text  C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe[4320] C:\Windows\syswow64\WS2_32.dll!send                      0000000076f06f01 6 bytes [68, C0, 36, 4F, 00, C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                        0000000077aafd98 4 bytes [68, 40, 1C, E4]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                                    0000000077aafd9d 1 byte [C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                              0000000077ab0068 4 bytes [68, 70, 21, E4]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                          0000000077ab006d 1 byte [C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                0000000077ab01c4 4 bytes [68, 70, 24, E4]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                            0000000077ab01c9 1 byte [C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                          0000000077b2f8ea 7 bytes [68, 10, 24, E4, 00, C3, 7D]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                            000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                  0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                          00000000774e7676 6 bytes [68, 30, 26, E4, 00, C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                          00000000775b3456 6 bytes [68, 00, 28, E4, 00, C3]
.text  C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe[2700] C:\Windows\syswow64\WS2_32.dll!send                                                                                                        0000000076f06f01 6 bytes [68, C0, 36, E4, 00, C3]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                                      0000000077901600 6 bytes [48, B8, 60, 23, F1, 02]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                                  0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                            00000000779017d0 6 bytes [48, B8, 40, 2B, F1, 02]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                        00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            00000000779018b0 6 bytes [48, B8, B0, 2E, F1, 02]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                        00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                                    00000000779a7f11 11 bytes {MOV EAX, 0x2f12e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2172] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                000007fefdde8001 11 bytes {MOV EAX, 0x2f14490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                              0000000077aafd98 4 bytes [68, 40, 1C, 63]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                          0000000077aafd9d 1 byte [C3]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                    0000000077ab0068 4 bytes [68, 70, 21, 63]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                0000000077ab006d 1 byte [C3]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                      0000000077ab01c4 4 bytes [68, 70, 24, 63]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                  0000000077ab01c9 1 byte [C3]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                0000000077b2f8ea 7 bytes [68, 10, 24, 63, 00, C3, 7D]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                        0000000077aafd98 4 bytes [68, 40, 1C, 2F]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                                                    0000000077aafd9d 1 byte [C3]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                              0000000077ab0068 4 bytes [68, 70, 21, 2F]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                                          0000000077ab006d 1 byte [C3]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                              0000000077ab01c4 4 bytes [68, 70, 24, 2F]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                                          0000000077ab01c9 1 byte [C3]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                          0000000077b2f8ea 7 bytes [68, 10, 24, 2F, 00, C3, 7D]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                            000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                                          00000000774e7676 6 bytes [68, 30, 26, 2F, 00, C3]
.text  C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[4672] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                                          00000000775b3456 6 bytes [68, 00, 28, 2F, 00, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                              0000000077aafd98 6 bytes [68, 40, 1C, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                    0000000077ab0068 6 bytes [68, 70, 21, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                    0000000077ab01c4 6 bytes [68, 70, 24, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                0000000077b2f8ea 7 bytes [68, 10, 24, 68, 02, C3, 7D]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\WS2_32.dll!send                                                                                            0000000076f06f01 6 bytes [68, C0, 36, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                                                                00000000774e7676 6 bytes [68, 30, 26, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                                                                00000000775b3456 6 bytes [68, 00, 28, 68, 02, C3]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                      0000000077aafd98 4 bytes [68, 40, 1C, 4A]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                                                                  0000000077aafd9d 1 byte [C3]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                                            0000000077ab0068 4 bytes [68, 70, 21, 4A]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                                                        0000000077ab006d 1 byte [C3]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                            0000000077ab01c4 4 bytes [68, 70, 24, 4A]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                                                        0000000077ab01c9 1 byte [C3]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                                        0000000077b2f8ea 7 bytes [68, 10, 24, 4A, 00, C3, 7D]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                          000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\PDF24\pdf24.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                            0000000077aafd98 4 bytes [68, 40, 1C, 1E]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                                                                        0000000077aafd9d 1 byte [C3]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                                                  0000000077ab0068 4 bytes [68, 70, 21, 1E]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                                                              0000000077ab006d 1 byte [C3]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                  0000000077ab01c4 4 bytes [68, 70, 24, 1E]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                                                              0000000077ab01c9 1 byte [C3]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                                              0000000077b2f8ea 7 bytes [68, 10, 24, 1E, 00, C3, 7D]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                                000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                      0000000077a61465 2 bytes [A6, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile                                                                                              0000000077901600 6 bytes [48, B8, 60, 23, D9, 07]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 8                                                                                          0000000077901608 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread                                                                                                    00000000779017d0 6 bytes [48, B8, 40, 2B, D9, 07]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 8                                                                                                00000000779017d8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                      00000000779018b0 6 bytes [48, B8, B0, 2E, D9, 07]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                  00000000779018b8 4 bytes {ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!DbgUiRemoteBreakin + 1                                                                                            00000000779a7f11 11 bytes {MOV EAX, 0x7d92e20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5288] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                          000007fefdde8001 11 bytes {MOV EAX, 0x7d94490; ADD [RAX], AL; ADD [RAX], AL; JMP RAX}
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                      0000000077aafd98 6 bytes [68, 40, 1C, 0A, 06, C3]
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                            0000000077ab0068 6 bytes [68, 70, 21, 0A, 06, C3]
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                              0000000077ab01c4 6 bytes [68, 70, 24, 0A, 06, C3]
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                        0000000077b2f8ea 7 bytes [68, 10, 24, 0A, 06, C3, 7D]
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                          000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000077a61465 2 bytes [A6, 77]
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[5348] C:\Windows\syswow64\WS2_32.dll!send                                                                                                                      0000000076f06f01 6 bytes [68, C0, 36, 0A, 06, C3]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                      0000000077aafd98 4 bytes [68, 40, 1C, 2A]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile + 5                                                                                  0000000077aafd9d 1 byte [C3]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                            0000000077ab0068 4 bytes [68, 70, 21, 2A]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 5                                                                                        0000000077ab006d 1 byte [C3]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                              0000000077ab01c4 4 bytes [68, 70, 24, 2A]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 5                                                                                          0000000077ab01c9 1 byte [C3]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                        0000000077b2f8ea 7 bytes [68, 10, 24, 2A, 00, C3, 7D]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                          000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[5580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7120] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                            000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000077a61465 2 bytes [A6, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2
.text  C:\Users\user\Downloads\gmer_2.1.19163.exe[1388] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                                      000000007740cfca 5 bytes JMP 0000000173707440
.text  C:\Users\user\Downloads\gmer_2.1.19163.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000077a61465 2 bytes [A6, 77]
.text  C:\Users\user\Downloads\gmer_2.1.19163.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                            0000000077a614bb 2 bytes [A6, 77]
.text  ...                                                                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\Dwm.exe [536:5388]                                                                                                                                                                              0000000002bf0000
Thread  C:\Windows\system32\Dwm.exe [536:1652]                                                                                                                                                                              0000000002bf5470
Thread  C:\Windows\Explorer.EXE [1364:5168]                                                                                                                                                                                  00000000032e0000
Thread  C:\Windows\Explorer.EXE [1364:5172]                                                                                                                                                                                  00000000032e5470
Thread  C:\Windows\Explorer.EXE [1364:5176]                                                                                                                                                                                  00000000032e6840
Thread  C:\Windows\Explorer.EXE [1364:5180]                                                                                                                                                                                  00000000032e6630
Thread  C:\Windows\system32\taskhost.exe [1672:4608]                                                                                                                                                                        0000000004940000
Thread  C:\Windows\system32\taskhost.exe [1672:4808]                                                                                                                                                                        0000000004945470
Thread  C:\Windows\system32\taskeng.exe [2088:4604]                                                                                                                                                                          0000000001ee0000
Thread  C:\Windows\system32\taskeng.exe [2088:2228]                                                                                                                                                                          0000000001ee5470
Thread  C:\Windows\SysWOW64\RunDll32.exe [5252:4180]                                                                                                                                                                        00000000001e0000
Thread  C:\Windows\SysWOW64\RunDll32.exe [5252:3068]                                                                                                                                                                        00000000001e4430

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ae2c02b                                                                                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eaab123                                                                                                                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eaab123@502d1d2cfbda                                                                                                                            0x84 0xD3 0x8D 0x39 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ae2c02b (not active ControlSet)                                                                                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eaab123 (not active ControlSet)                                                                                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eaab123@502d1d2cfbda                                                                                                                                0x84 0xD3 0x8D 0x39 ...

---- EOF - GMER 2.1 ----

schrauber 11.12.2013 10:03
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sabomnim 11.12.2013 10:54
Hi Schrauber, erstmal vielen Dank für deine Unterstützung soweit!
Ich habe die combofix durchlaufen lassen, allerdings hat sie sich oft beschwert, dass der Zugriff verweigert wurde und immer wieder ist ein Fenster aufgepoppt, dass eine Datei nicht vorhanden wäre... Das Fenster musste ich manuell schließen, damit es weitergeht - war das falsch?

VG, Michi
Code:
ComboFix 13-12-10.01 - user 11.12.2013  10:28:57.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4077.2227 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Sophos Anti-Virus *Enabled/Outdated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Sophos Anti-Virus *Enabled/Outdated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\assembly\tmp
c:\users\user\AppData\Roaming\DataWork
c:\users\user\AppData\Roaming\DataWork\lsass.exe
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-11-11 bis 2013-12-11  ))))))))))))))))))))))))))))))
.
.
2013-12-11 09:39 . 2013-12-11 09:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-12-11 09:30 . 2013-12-11 09:30        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{03E4D2D5-D2ED-40A8-8DD7-7B47100B43B0}\offreg.dll
2013-12-10 15:37 . 2013-12-10 15:37        --------        d-----w-        c:\program files (x86)\7-Zip
2013-12-10 13:32 . 2013-12-10 13:32        --------        d-----w-        C:\FRST
2013-12-10 09:08 . 2013-11-08 03:12        10285968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{03E4D2D5-D2ED-40A8-8DD7-7B47100B43B0}\mpengine.dll
2013-12-09 13:50 . 2013-12-09 13:50        --------        d-----w-        c:\users\user\.argouml
2013-12-09 13:49 . 2013-12-09 13:49        --------        d-----w-        c:\program files (x86)\ArgoUML
2013-11-20 14:31 . 2013-11-20 14:31        --------        d-----w-        c:\program files (x86)\Common Files\PDF Architect
2013-11-17 18:07 . 2013-11-17 18:07        --------        d-----w-        C:\Team17
2013-11-16 20:57 . 2013-11-16 20:58        --------        d-----w-        c:\users\user\AppData\Roaming\dvdcss
2013-11-14 08:42 . 2013-11-14 08:42        --------        d-----w-        c:\users\user\AppData\Local\e-academy Inc
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 22:17 . 2011-12-18 13:09        82896128        ----a-w-        c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2011-07-31 14:24        267936        ------w-        c:\windows\system32\MpSigStub.exe
2013-10-19 18:01 . 2013-10-19 18:01        0        ----a-w-        c:\windows\SysWow64\shoFE3A.tmp
2013-10-14 21:42 . 2013-10-14 21:42        0        ----a-w-        c:\windows\SysWow64\shoAFC1.tmp
2013-09-14 13:02 . 2013-09-14 13:02        0        ----a-w-        c:\windows\SysWow64\sho3D8D.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-08-15 08:08        314264        ----a-w-        c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll" [2013-08-15 300952]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        94208        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"AVMUSBFernanschluss"="c:\users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2012-12-22 139264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-08-08 900160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys;c:\windows\SYSNATIVE\drivers\risdsnxc64.sys [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 01:01]
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-07 01:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        97792        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        97792        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        97792        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19        97792        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~2\sophos\sophos~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>;192.168.*.*
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.156.33.53 129.187.5.1
TCP: Interfaces\{B003EFE9-2051-4BF7-92A4-78938871341D}: NameServer = 10.150.128.2
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&installDate=01/10/2013&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQVSbGKpO&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 6680af0a000000000000021c12ff0dd6
FF - user.js: extensions.incredibar_i.instlDay - 15720
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQVSbGKpO
FF - user.js: extensions.incredibar_i.upn2n - 92544275879262936
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 6680af0a000000000000f0bf97152eab
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15979
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.610:13
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=123621&tsp=5022
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk - c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe -user_logon
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1197489842-2163357240-3087932191-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,9b,a1,ba,5e,52,91,7e,bf,92,b7,d5,04,ef,c8,ed,61,48,ef,4e,e7,55,6d,
  fc,cb,3c,0b,74,9a,6f,c6,42,dd,b3,ae,5f,52,b9,4d,a5,4b,a5,a2,c6,b8,6f,ec,45,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1197489842-2163357240-3087932191-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:63,b0,72,d4,61,ae,93,b6,1f,a6,66,9b,fb,ef,5b,80,19,82,19,19,59,
  c2,40,9b,9d,b1,c6,af,a6,6c,12,b3,f2,f4,b9,9d,27,e7,99,87,87,3d,c4,ab,5c,38,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-11  10:49:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-11 09:49
.
Vor Suchlauf: 18 Verzeichnis(se), 151.702.679.552 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 151.479.955.456 Bytes frei
.
- - End Of File - - D156F4E1ED5C183BD513E2494901EE34

schrauber 12.12.2013 09:03
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Sabomnim 12.12.2013 13:23
Hier Anti-Malware
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
user :: MICHI [Administrator]

Schutz: Aktiviert

12.12.2013 12:39:02
mbam-log-2013-12-12 (12-39-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217934
Laufzeit: 8 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 26
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 10
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Delta\delta|lastB (PUP.Optional.Delta.A) -> Daten: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: zr1M1OtGtDtH1G1O1KtI0TtG0G -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {0723D87C-1754-4340-9D17-3F97F128EC3B} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {0723D87C-1754-4340-9D17-3F97F128EC3B} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage.A) -> Bösartig: (hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 18
C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\4C3F41A0051F4EB19DEF9C50119501FA (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\6786DA8E77B248ECA517C927C0DEA4F1 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\75AF558DB6514F70B3A62000639A511E (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\D13132B5D9B14C2090C22225D8C2EF15 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\DB6701A3B2974776A20398FC03E7A3A9 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\OpenCandy_4C3F41A0051F4EB19DEF9C50119501FA (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 32
C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\6786DA8E77B248ECA517C927C0DEA4F1\Installer.exe (PUP.Optional.Linkury.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\4C3F41A0051F4EB19DEF9C50119501FA\TuneUpUtilities2012_1002094_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673\2787.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673\Linkury_ALL_p2v1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\5F321254728348198E85431A86D62673\RAWinstaller.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\75AF558DB6514F70B3A62000639A511E\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\D13132B5D9B14C2090C22225D8C2EF15\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\DB6701A3B2974776A20398FC03E7A3A9\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96\2787.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96\Linkury_ALL_p2v1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\FA4F1AD8F1334BDDA6BACF6BA20C7E96\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
2013/12/12 12:36:28 +0100        MICHI        user        MESSAGE        Starting protection
2013/12/12 12:36:28 +0100        MICHI        user        MESSAGE        Protection started successfully
2013/12/12 12:36:28 +0100        MICHI        user        MESSAGE        Starting IP protection
2013/12/12 12:36:41 +0100        MICHI        user        MESSAGE        IP Protection started successfully
2013/12/12 12:36:48 +0100        MICHI        user        MESSAGE        Starting database refresh
2013/12/12 12:36:48 +0100        MICHI        user        MESSAGE        Stopping IP protection
2013/12/12 12:36:51 +0100        MICHI        user        MESSAGE        IP Protection stopped successfully
2013/12/12 12:36:53 +0100        MICHI        user        MESSAGE        Database refreshed successfully
2013/12/12 12:36:53 +0100        MICHI        user        MESSAGE        Starting IP protection
2013/12/12 12:36:55 +0100        MICHI        user        MESSAGE        IP Protection started successfully
2013/12/12 12:42:12 +0100        MICHI        user        MESSAGE        Executing scheduled update:  Daily
2013/12/12 12:42:13 +0100        MICHI        user        MESSAGE        Database already up-to-date
2013/12/12 12:50:57 +0100        MICHI        (null)        MESSAGE        Starting protection
2013/12/12 12:50:57 +0100        MICHI        (null)        MESSAGE        Protection started successfully
2013/12/12 12:50:57 +0100        MICHI        (null)        MESSAGE        Starting IP protection
2013/12/12 12:50:59 +0100        MICHI        (null)        MESSAGE        IP Protection started successfully
2013/12/12 12:51:06 +0100        MICHI        user        DETECTION        C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll        Rogue.InternetSecurityEssentials        QUARANTINE
2013/12/12 12:59:26 +0100        MICHI        (null)        MESSAGE        Starting protection
2013/12/12 12:59:26 +0100        MICHI        (null)        MESSAGE        Protection started successfully
2013/12/12 12:59:26 +0100        MICHI        (null)        MESSAGE        Starting IP protection
2013/12/12 12:59:28 +0100        MICHI        (null)        MESSAGE        IP Protection started successfully
und ADW Cleaner

Code:
# AdwCleaner v3.015 - Bericht erstellt am 12/12/2013 um 12:56:49
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : user - MICHI
# Gestartet von : C:\Users\user\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : BitGuard

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\bprotector_extensions.sqlite
Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\bprotector_prefs.js
Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\Askcom.xml
Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\Web Search.xml
Datei Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\user.js
Ordner Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@delta.com
Ordner Gefunden : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@incredibar.com
Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\Delta
Ordner Gefunden C:\Program Files (x86)\SweetIM
Ordner Gefunden C:\ProgramData\Ask
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\BitGuard
Ordner Gefunden C:\ProgramData\DSearchLink
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\users\user\AppData\Local\Conduit
Ordner Gefunden C:\users\user\AppData\Local\PackageAware
Ordner Gefunden C:\users\user\AppData\LocalLow\BabylonToolbar
Ordner Gefunden C:\users\user\AppData\LocalLow\Conduit
Ordner Gefunden C:\users\user\AppData\LocalLow\Delta
Ordner Gefunden C:\users\user\AppData\LocalLow\PriceGong
Ordner Gefunden C:\users\user\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gefunden C:\users\user\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Schlüssel Gefunden : HKCU\Software\5d0d6d9e56aec10
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\5d0d6d9e56aec10
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\Software\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygen-phone-manager-ii_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygen-phone-manager-ii_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&q={searchTerms}&installDate=01/10/2013

-\\ Mozilla Firefox v15.0.1 (de)

[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022");
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "de");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gefunden : user_pref("extensions.delta.id", "6680af0a000000000000f0bf97152eab");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15979");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.24.610:13:22");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta_i.babExt", "");
Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=123621&tsp=5022");
Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gefunden : user_pref("extensions.incredibar_i.did", "10643");
Zeile gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar_i.id", "6680af0a000000000000021c12ff0dd6");
Zeile gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.instlDay", "15720");
Zeile gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gefunden : user_pref("extensions.incredibar_i.newTab", false);
Zeile gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Zeile gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQVSbGKpO&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2", "6PQVSbGKpO");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2n", "92544275879262936");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:34:19");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&installDate=01/10/2013&q=");

-\\ Google Chrome v21.0.1180.89

[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage

*************************

AdwCleaner[R0].txt - [17016 octets] - [12/12/2013 12:56:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17077 octets] ##########
Code:
# AdwCleaner v3.015 - Bericht erstellt am 12/12/2013 um 12:57:37
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : user - MICHI
# Gestartet von : C:\Users\user\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BitGuard

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\users\user\AppData\Local\Conduit
Ordner Gelöscht : C:\users\user\AppData\Local\PackageAware
Ordner Gelöscht : C:\users\user\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\users\user\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\users\user\AppData\LocalLow\Delta
Ordner Gelöscht : C:\users\user\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\users\user\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\users\user\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\ffxtlbr@incredibar.com
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\bprotector_prefs.js
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5d0d6d9e56aec10
Schlüssel Gelöscht : HKLM\SOFTWARE\5d0d6d9e56aec10
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygen-phone-manager-ii_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygen-phone-manager-ii_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v15.0.1 (de)

[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss_Btisdt7&mntrId=6680F0BF97152EAB&affID=123621&tsp=5022");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "6680af0a000000000000f0bf97152eab");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15979");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.610:13:22");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=123621&tsp=5022");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.id", "6680af0a000000000000021c12ff0dd6");
Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15720");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "1");
Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQVSbGKpO&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQVSbGKpO");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92544275879262936");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:34:19");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=058df872-e2e9-4cec-68b3-f8486825a952&searchtype=ds&installDate=01/10/2013&q=");

-\\ Google Chrome v21.0.1180.89

[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [17270 octets] - [12/12/2013 12:56:49]
AdwCleaner[S0].txt - [16088 octets] - [12/12/2013 12:57:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16149 octets] ##########
und JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on 12.12.2013 at 13:04:45,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1197489842-2163357240-3087932191-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFF853DF-3C6F-47DB-8D14-EC4683EADF3E}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1107.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1669.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho29.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2D67.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3071.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho317.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3D8D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho442C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho461C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5B2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho668D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6F93.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7F9E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho82B2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8504.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8730.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9CCE.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAC2B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAE8A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAFC1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB349.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB508.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBC3F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC0DA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC68B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC804.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD2A1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDC4E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF468.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFD66.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFE3A.tmp



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fq22leav.default\extensions\staged
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fq22leav.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.12.2013 at 13:10:53,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by user (administrator) on MICHI on 12-12-2013 13:13:56
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-11-18] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\user\AppData\Local\Apps\2.0\32WW39EP.APM\9NQMZ9EZ.4Y9\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-22] (AVM Berlin)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [MySQL Notifier] - C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
AppInit_DLLs:  c:\progra~2\sophos\sophos~1\sophos_detoured_x64.dll [ ] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {21E65FE6-8C22-4527-8D3D-77E7D924299D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-16/4?mpre=hxxp://shop.ebay.de/?_nkw={searchTerms}
SearchScopes: HKCU - {C73F90D8-128A-4161-AA44-82A1E0595562} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {DD469079-DD4D-4DC2-8FB6-9AB2B562859C} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{B003EFE9-2051-4BF7-92A4-78938871341D}: [NameServer]10.150.128.2

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net
FF Extension: client - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://golem.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (ProxTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.6_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14236 2013-10-11] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-22] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-22] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-01-15] (Connectify)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2010-12-27] (REDC)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-07-16] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 13:13 - 2013-12-12 13:13 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2013-12-12 13:10 - 2013-12-12 13:10 - 00003172 _____ C:\Users\user\Desktop\JRT.txt
2013-12-12 13:04 - 2013-12-12 13:04 - 00000000 ____D C:\Windows\ERUNT
2013-12-12 13:03 - 2013-12-12 13:03 - 01034531 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-12-12 12:56 - 2013-12-12 12:57 - 00000000 ____D C:\AdwCleaner
2013-12-12 12:55 - 2013-12-12 12:56 - 01226802 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-12-12 12:36 - 2013-12-12 12:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 12:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-12 12:32 - 2013-12-12 12:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-11 11:56 - 2013-12-11 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-12-11 11:38 - 2013-12-11 11:38 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-11 11:38 - 2013-11-26 12:19 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-11 11:34 - 2013-12-11 11:36 - 128337920 _____ C:\Users\user\Downloads\avira_free_antivirus_de.exe
2013-12-11 11:00 - 2013-12-11 11:00 - 03541544 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup408_slim.exe
2013-12-11 10:49 - 2013-12-11 10:49 - 00034632 _____ C:\ComboFix.txt
2013-12-11 10:26 - 2013-12-11 10:50 - 00000000 ____D C:\ComboFix
2013-12-11 10:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 10:25 - 2013-12-11 10:50 - 00000000 ____D C:\Qoobox
2013-12-11 10:25 - 2013-12-11 10:47 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 10:22 - 2013-12-11 10:22 - 05153140 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-12-10 16:48 - 2013-12-10 16:48 - 00019355 _____ C:\Users\user\Downloads\Logs.7z
2013-12-10 16:37 - 2013-12-10 16:37 - 01110476 _____ C:\Users\user\Downloads\7z920.exe
2013-12-10 16:37 - 2013-12-10 16:37 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-12-10 16:18 - 2013-12-10 16:18 - 00084010 _____ C:\Users\user\Downloads\Gmer.log
2013-12-10 15:51 - 2013-12-10 15:51 - 00274152 _____ C:\Windows\Minidump\121013-18891-01.dmp
2013-12-10 15:11 - 2013-12-10 15:11 - 00274152 _____ C:\Windows\Minidump\121013-23337-01.dmp
2013-12-10 14:36 - 2013-12-10 14:36 - 00377856 _____ C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-12-10 14:34 - 2013-12-10 14:34 - 00031525 _____ C:\Users\user\Downloads\Addition.txt
2013-12-10 14:32 - 2013-12-12 13:13 - 00020748 _____ C:\Users\user\Downloads\FRST.txt
2013-12-10 14:32 - 2013-12-12 13:13 - 00000000 ____D C:\FRST
2013-12-10 14:31 - 2013-12-12 13:13 - 01927106 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-10 14:09 - 2013-12-10 14:30 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-10 13:31 - 2013-12-10 15:53 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:49 - 2013-12-09 14:49 - 00002213 _____ C:\Users\user\Desktop\ArgoUML.lnk
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Program Files (x86)\ArgoUML
2013-12-09 14:31 - 2013-12-09 14:32 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-06 13:17 - 2013-12-09 11:01 - 00000151 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-12-06 12:48 - 2013-12-06 12:49 - 00000043 _____ C:\Users\user\Desktop\Pflichtenehft.txt
2013-11-30 08:01 - 2013-12-11 03:03 - 00013495 _____ C:\Windows\IE11_main.log
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-16 21:57 - 2013-11-16 21:58 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-14 23:23 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 23:23 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 23:23 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 23:23 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc
2013-11-14 08:48 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:48 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 08:48 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:48 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:48 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 08:48 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:48 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 08:48 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:48 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:48 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 08:48 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:48 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-12 13:15 - 2013-12-10 14:32 - 00020748 _____ C:\Users\user\Downloads\FRST.txt
2013-12-12 13:13 - 2013-12-12 13:13 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2013-12-12 13:13 - 2013-12-10 14:32 - 00000000 ____D C:\FRST
2013-12-12 13:13 - 2013-12-10 14:31 - 01927106 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-12 13:13 - 2011-03-03 12:42 - 00669482 _____ C:\Windows\system32\perfh007.dat
2013-12-12 13:13 - 2011-03-03 12:42 - 00136570 _____ C:\Windows\system32\perfc007.dat
2013-12-12 13:13 - 2009-07-14 06:13 - 01540000 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 13:11 - 2011-09-05 17:42 - 00000000 ____D C:\Users\user\Documents\Outlook-Dateien
2013-12-12 13:11 - 2009-07-14 05:51 - 00170392 _____ C:\Windows\setupact.log
2013-12-12 13:10 - 2013-12-12 13:10 - 00003172 _____ C:\Users\user\Desktop\JRT.txt
2013-12-12 13:07 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 13:07 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 13:04 - 2013-12-12 13:04 - 00000000 ____D C:\Windows\ERUNT
2013-12-12 13:04 - 2011-04-01 16:39 - 01645733 _____ C:\Windows\WindowsUpdate.log
2013-12-12 13:03 - 2013-12-12 13:03 - 01034531 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-12-12 13:01 - 2012-10-15 21:46 - 00000000 ___RD C:\Users\user\DropBox
2013-12-12 13:01 - 2012-10-15 21:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2013-12-12 13:00 - 2013-01-15 12:36 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-12 13:00 - 2011-07-31 18:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-12-12 12:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 12:57 - 2013-12-12 12:56 - 00000000 ____D C:\AdwCleaner
2013-12-12 12:56 - 2013-12-12 12:55 - 01226802 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-12-12 12:52 - 2012-01-09 16:11 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2013-12-12 12:50 - 2011-03-03 04:48 - 00191622 _____ C:\Windows\PFRO.log
2013-12-12 12:36 - 2013-12-12 12:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 12:32 - 2013-12-12 12:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 12:25 - 2011-09-07 20:05 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA.job
2013-12-12 03:07 - 2011-09-07 20:05 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core.job
2013-12-11 18:04 - 2013-10-31 15:39 - 00000000 ____D C:\Users\user\AppData\Local\Eclipse
2013-12-11 12:59 - 2011-04-14 15:11 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Games
2013-12-11 11:56 - 2013-12-11 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-12-11 11:50 - 2012-10-15 21:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-11 11:50 - 2011-04-01 16:42 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 11:38 - 2013-12-11 11:38 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-11 11:38 - 2011-10-13 17:26 - 00000000 ____D C:\ProgramData\Avira
2013-12-11 11:36 - 2013-12-11 11:34 - 128337920 _____ C:\Users\user\Downloads\avira_free_antivirus_de.exe
2013-12-11 11:35 - 2011-03-03 04:04 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-11 11:34 - 2012-01-09 22:13 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2013-12-11 11:34 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files\Sony
2013-12-11 11:34 - 2011-03-03 03:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-11 11:31 - 2012-01-09 21:50 - 00000000 ____D C:\Update
2013-12-11 11:00 - 2013-12-11 11:00 - 03541544 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup408_slim.exe
2013-12-11 10:54 - 2012-01-09 16:11 - 00000000 ____D C:\Users\user\AppData\Local\Apps\2.0
2013-12-11 10:51 - 2011-07-30 14:41 - 01560410 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-11 10:50 - 2013-12-11 10:26 - 00000000 ____D C:\ComboFix
2013-12-11 10:50 - 2013-12-11 10:25 - 00000000 ____D C:\Qoobox
2013-12-11 10:50 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-11 10:49 - 2013-12-11 10:49 - 00034632 _____ C:\ComboFix.txt
2013-12-11 10:47 - 2013-12-11 10:25 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-11 10:41 - 2009-07-14 03:34 - 84934656 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 25427968 _____ C:\Windows\system32\config\SYSTEM.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-12-11 10:22 - 2013-12-11 10:22 - 05153140 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-12-11 03:03 - 2013-11-30 08:01 - 00013495 _____ C:\Windows\IE11_main.log
2013-12-10 16:48 - 2013-12-10 16:48 - 00019355 _____ C:\Users\user\Downloads\Logs.7z
2013-12-10 16:37 - 2013-12-10 16:37 - 01110476 _____ C:\Users\user\Downloads\7z920.exe
2013-12-10 16:37 - 2013-12-10 16:37 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-12-10 16:18 - 2013-12-10 16:18 - 00084010 _____ C:\Users\user\Downloads\Gmer.log
2013-12-10 15:53 - 2013-12-10 13:31 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-10 15:51 - 2013-12-10 15:51 - 00274152 _____ C:\Windows\Minidump\121013-18891-01.dmp
2013-12-10 15:51 - 2011-10-13 17:19 - 505453101 _____ C:\Windows\MEMORY.DMP
2013-12-10 15:51 - 2011-10-13 17:19 - 00000000 ____D C:\Windows\Minidump
2013-12-10 15:11 - 2013-12-10 15:11 - 00274152 _____ C:\Windows\Minidump\121013-23337-01.dmp
2013-12-10 14:36 - 2013-12-10 14:36 - 00377856 _____ C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-12-10 14:34 - 2013-12-10 14:34 - 00031525 _____ C:\Users\user\Downloads\Addition.txt
2013-12-10 14:30 - 2013-12-10 14:09 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-09 19:39 - 2012-01-09 16:11 - 00036232 _____ C:\Windows\avmacc.log
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:49 - 2013-12-09 14:49 - 00002213 _____ C:\Users\user\Desktop\ArgoUML.lnk
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML
2013-12-09 14:49 - 2013-12-09 14:49 - 00000000 ____D C:\Program Files (x86)\ArgoUML
2013-12-09 14:35 - 2011-03-03 04:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 14:32 - 2013-12-09 14:31 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-09 11:01 - 2013-12-06 13:17 - 00000151 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-12-06 12:49 - 2013-12-06 12:48 - 00000043 _____ C:\Users\user\Desktop\Pflichtenehft.txt
2013-12-02 16:38 - 2011-08-04 14:54 - 00000000 ____D C:\Users\user\Documents\Freizeit
2013-11-30 21:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 08:17 - 2011-07-31 15:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 08:00 - 2009-07-14 03:34 - 00000510 _____ C:\Windows\win.ini
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-28 13:59 - 2013-10-21 17:09 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-26 12:19 - 2013-12-11 11:38 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 13:22 - 2011-07-31 15:13 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2013-11-25 12:32 - 2011-11-07 12:01 - 00000000 ____D C:\JAVAWORK
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 16:01 - 2013-08-02 16:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2013-11-20 15:47 - 2011-04-12 11:09 - 00000000 ____D C:\Users\user\AppData\Local\Sony Corporation
2013-11-20 15:40 - 2012-05-27 19:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-20 15:38 - 2011-03-03 04:04 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2013-11-20 15:37 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files (x86)\Sony
2013-11-20 11:06 - 2013-10-11 12:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Oracle
2013-11-19 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-17 19:13 - 2011-03-03 04:28 - 00426708 _____ C:\Windows\DirectX.log
2013-11-17 19:09 - 2012-05-30 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-17 19:09 - 2011-04-01 16:42 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-16 21:58 - 2013-11-16 21:57 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-15 10:17 - 2011-07-30 16:47 - 00022237 _____ C:\test.xml
2013-11-14 23:20 - 2013-07-14 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:17 - 2011-12-18 14:09 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc
2013-11-12 14:23 - 2012-11-26 22:26 - 00000000 ____D C:\Eclipse

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 03:28

==================== End Of Log ============================
--- --- ---

schrauber 13.12.2013 09:09

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Sabomnim 14.12.2013 16:17
Hier ESET (den ich aber nach über 3 Stunden mal stoppen wollte, und er hat dann gleich ganz aufgehört... bis dato aber auch null gefunden)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bd6cf39a3d7b024e9947b31dbb502c63
# engine=16253
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-13 12:10:53
# local_time=2013-12-13 01:10:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 62307 1475485 55073 0
# compatibility_mode=5893 16776574 100 94 178576 138566503 0 0
# scanned=107952
# found=0
# cleaned=0
# scan_time=10816
Hier der Security Check Log


Code:
Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java(TM) 6 Update 29 
 Java 7 Update 11 
 Java version out of Date!
  Adobe Flash Player 11.4.402.287 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 15.0.1 Firefox out of Date! 
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
und eine frische FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by user (administrator) on MICHI on 14-12-2013 16:07:08
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(AVM Berlin) C:\Users\user\AppData\Local\Apps\2.0\2WKNH6GK.2LB\MCKBHXHJ.PWY\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-11-18] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKCU\...\Run: [Facebook Update] - C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\user\AppData\Local\Apps\2.0\2WKNH6GK.2LB\MCKBHXHJ.PWY\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe [139264 2013-12-14] (AVM Berlin)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [MySQL Notifier] - C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
AppInit_DLLs:  c:\progra~2\sophos\sophos~1\sophos_detoured_x64.dll [ ] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {21E65FE6-8C22-4527-8D3D-77E7D924299D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-16/4?mpre=hxxp://shop.ebay.de/?_nkw={searchTerms}
SearchScopes: HKCU - {C73F90D8-128A-4161-AA44-82A1E0595562} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {DD469079-DD4D-4DC2-8FB6-9AB2B562859C} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: anonymoX - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net
FF Extension: client - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\client@anonymox.net.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fq22leav.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://golem.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (ProxTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.6_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14236 2013-10-11] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-22] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-22] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-01-15] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-28] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2010-12-27] (REDC)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-07-16] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-13 13:13 - 2013-12-13 13:13 - 00891200 _____ C:\Users\user\Desktop\SecurityCheck.exe
2013-12-13 11:41 - 2013-12-13 11:41 - 00000000 ____D C:\Windows\Sun
2013-12-13 10:08 - 2013-12-13 10:08 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2013-12-12 14:16 - 2013-12-12 14:17 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-12-12 13:15 - 2013-12-12 13:15 - 00045287 _____ C:\Users\user\Downloads\FRST2.txt
2013-12-12 13:13 - 2013-12-14 16:07 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2013-12-12 13:04 - 2013-12-12 13:04 - 00000000 ____D C:\Windows\ERUNT
2013-12-12 13:03 - 2013-12-12 13:03 - 01034531 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-12-12 12:56 - 2013-12-12 12:57 - 00000000 ____D C:\AdwCleaner
2013-12-12 12:55 - 2013-12-12 12:56 - 01226802 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-12-12 12:36 - 2013-12-12 12:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 12:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-12 12:32 - 2013-12-12 12:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-11 11:56 - 2013-12-11 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-12-11 11:38 - 2013-12-11 11:38 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-11 11:38 - 2013-11-26 12:19 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-11 11:38 - 2013-11-26 12:19 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-11 11:34 - 2013-12-11 11:36 - 128337920 _____ C:\Users\user\Downloads\avira_free_antivirus_de.exe
2013-12-11 11:00 - 2013-12-11 11:00 - 03541544 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup408_slim.exe
2013-12-11 10:49 - 2013-12-11 10:49 - 00034632 _____ C:\ComboFix.txt
2013-12-11 10:26 - 2013-12-11 10:50 - 00000000 ____D C:\ComboFix
2013-12-11 10:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 10:25 - 2013-12-11 10:50 - 00000000 ____D C:\Qoobox
2013-12-11 10:25 - 2013-12-11 10:47 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 10:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 10:22 - 2013-12-11 10:22 - 05153140 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-12-10 16:48 - 2013-12-10 16:48 - 00019355 _____ C:\Users\user\Downloads\Logs.7z
2013-12-10 16:37 - 2013-12-10 16:37 - 01110476 _____ C:\Users\user\Downloads\7z920.exe
2013-12-10 16:37 - 2013-12-10 16:37 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-12-10 16:18 - 2013-12-10 16:18 - 00084010 _____ C:\Users\user\Downloads\Gmer.log
2013-12-10 15:51 - 2013-12-10 15:51 - 00274152 _____ C:\Windows\Minidump\121013-18891-01.dmp
2013-12-10 15:11 - 2013-12-10 15:11 - 00274152 _____ C:\Windows\Minidump\121013-23337-01.dmp
2013-12-10 14:36 - 2013-12-10 14:36 - 00377856 _____ C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-12-10 14:34 - 2013-12-10 14:34 - 00031525 _____ C:\Users\user\Downloads\Addition.txt
2013-12-10 14:32 - 2013-12-14 16:07 - 00020231 _____ C:\Users\user\Downloads\FRST.txt
2013-12-10 14:32 - 2013-12-14 16:07 - 00000000 ____D C:\FRST
2013-12-10 14:31 - 2013-12-14 16:07 - 01927796 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-10 14:09 - 2013-12-10 14:30 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-10 13:31 - 2013-12-10 15:53 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:31 - 2013-12-09 14:32 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-06 13:17 - 2013-12-13 12:58 - 00000200 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-11-30 08:01 - 2013-12-11 03:03 - 00013495 _____ C:\Windows\IE11_main.log
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-16 21:57 - 2013-11-16 21:58 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-14 23:23 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 23:23 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 23:23 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 23:23 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 23:23 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 23:23 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 23:23 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 23:23 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc
2013-11-14 08:48 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:48 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:48 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 08:48 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:48 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:48 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:48 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 08:48 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:48 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 08:48 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:48 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:48 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:48 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:48 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:48 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 08:48 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 08:48 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 08:48 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:48 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-14 16:08 - 2013-12-10 14:32 - 00020231 _____ C:\Users\user\Downloads\FRST.txt
2013-12-14 16:07 - 2013-12-12 13:13 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2013-12-14 16:07 - 2013-12-10 14:32 - 00000000 ____D C:\FRST
2013-12-14 16:07 - 2013-12-10 14:31 - 01927796 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-12-14 16:02 - 2011-09-05 17:42 - 00000000 ____D C:\Users\user\Documents\Outlook-Dateien
2013-12-14 13:18 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 13:18 - 2009-07-14 05:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 13:16 - 2011-03-03 12:42 - 00669482 _____ C:\Windows\system32\perfh007.dat
2013-12-14 13:16 - 2011-03-03 12:42 - 00136570 _____ C:\Windows\system32\perfc007.dat
2013-12-14 13:16 - 2009-07-14 06:13 - 01540000 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 13:15 - 2011-04-01 16:39 - 01775462 _____ C:\Windows\WindowsUpdate.log
2013-12-14 13:12 - 2011-07-31 18:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-12-14 13:11 - 2013-01-15 12:36 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-14 13:11 - 2012-10-15 21:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2013-12-14 13:11 - 2012-01-09 16:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2013-12-14 13:11 - 2012-01-09 16:11 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2013-12-14 13:10 - 2012-10-15 21:46 - 00000000 ___RD C:\Users\user\DropBox
2013-12-14 13:09 - 2011-03-03 04:48 - 00192448 _____ C:\Windows\PFRO.log
2013-12-14 13:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 13:09 - 2009-07-14 05:51 - 00170448 _____ C:\Windows\setupact.log
2013-12-14 13:09 - 2009-07-14 05:45 - 00444632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 13:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-14 03:07 - 2011-09-07 20:05 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000UA.job
2013-12-14 03:07 - 2011-09-07 20:05 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1197489842-2163357240-3087932191-1000Core.job
2013-12-13 13:13 - 2013-12-13 13:13 - 00891200 _____ C:\Users\user\Desktop\SecurityCheck.exe
2013-12-13 12:58 - 2013-12-06 13:17 - 00000200 _____ C:\Users\user\Desktop\Mitbringsel.txt
2013-12-13 12:57 - 2012-06-19 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 11:41 - 2013-12-13 11:41 - 00000000 ____D C:\Windows\Sun
2013-12-13 10:33 - 2013-10-31 15:39 - 00000000 ____D C:\Users\user\AppData\Local\Eclipse
2013-12-13 10:08 - 2013-12-13 10:08 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2013-12-12 21:50 - 2013-10-21 17:09 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-12-12 18:56 - 2011-04-01 16:40 - 00119624 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 14:40 - 2011-03-03 03:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-12 14:35 - 2012-01-09 22:13 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2013-12-12 14:35 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files\Sony
2013-12-12 14:30 - 2011-03-03 04:04 - 00000000 ____D C:\Program Files (x86)\Sony
2013-12-12 14:29 - 2011-04-01 16:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Sony Corporation
2013-12-12 14:20 - 2011-03-03 04:35 - 00000000 ____D C:\Program Files (x86)\Downloaded Installations
2013-12-12 14:19 - 2012-10-05 09:21 - 00000000 ____D C:\ProgramData\Cisco
2013-12-12 14:19 - 2012-10-05 09:21 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-12 14:17 - 2013-12-12 14:16 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-12-12 14:15 - 2011-07-31 10:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2013-12-12 13:15 - 2013-12-12 13:15 - 00045287 _____ C:\Users\user\Downloads\FRST2.txt
2013-12-12 13:04 - 2013-12-12 13:04 - 00000000 ____D C:\Windows\ERUNT
2013-12-12 13:03 - 2013-12-12 13:03 - 01034531 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-12-12 12:57 - 2013-12-12 12:56 - 00000000 ____D C:\AdwCleaner
2013-12-12 12:56 - 2013-12-12 12:55 - 01226802 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-12-12 12:36 - 2013-12-12 12:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 12:35 - 2013-12-12 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 12:32 - 2013-12-12 12:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-11 12:59 - 2011-04-14 15:11 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Games
2013-12-11 11:56 - 2013-12-11 11:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-12-11 11:50 - 2012-10-15 21:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-11 11:50 - 2011-04-01 16:42 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 11:38 - 2013-12-11 11:38 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-11 11:38 - 2011-10-13 17:26 - 00000000 ____D C:\ProgramData\Avira
2013-12-11 11:36 - 2013-12-11 11:34 - 128337920 _____ C:\Users\user\Downloads\avira_free_antivirus_de.exe
2013-12-11 11:35 - 2011-03-03 04:04 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-11 11:31 - 2012-01-09 21:50 - 00000000 ____D C:\Update
2013-12-11 11:00 - 2013-12-11 11:00 - 03541544 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup408_slim.exe
2013-12-11 10:54 - 2012-01-09 16:11 - 00000000 ____D C:\Users\user\AppData\Local\Apps\2.0
2013-12-11 10:51 - 2011-07-30 14:41 - 01560410 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-11 10:50 - 2013-12-11 10:26 - 00000000 ____D C:\ComboFix
2013-12-11 10:50 - 2013-12-11 10:25 - 00000000 ____D C:\Qoobox
2013-12-11 10:50 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-11 10:49 - 2013-12-11 10:49 - 00034632 _____ C:\ComboFix.txt
2013-12-11 10:47 - 2013-12-11 10:25 - 00000000 ____D C:\Windows\erdnt
2013-12-11 10:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-11 10:41 - 2009-07-14 03:34 - 84934656 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 25427968 _____ C:\Windows\system32\config\SYSTEM.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-12-11 10:41 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-12-11 10:22 - 2013-12-11 10:22 - 05153140 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-12-11 03:03 - 2013-11-30 08:01 - 00013495 _____ C:\Windows\IE11_main.log
2013-12-10 16:48 - 2013-12-10 16:48 - 00019355 _____ C:\Users\user\Downloads\Logs.7z
2013-12-10 16:37 - 2013-12-10 16:37 - 01110476 _____ C:\Users\user\Downloads\7z920.exe
2013-12-10 16:37 - 2013-12-10 16:37 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-12-10 16:18 - 2013-12-10 16:18 - 00084010 _____ C:\Users\user\Downloads\Gmer.log
2013-12-10 15:53 - 2013-12-10 13:31 - 00000871 _____ C:\Users\user\AppData\Roaming\Sample.lnk
2013-12-10 15:51 - 2013-12-10 15:51 - 00274152 _____ C:\Windows\Minidump\121013-18891-01.dmp
2013-12-10 15:51 - 2011-10-13 17:19 - 505453101 _____ C:\Windows\MEMORY.DMP
2013-12-10 15:51 - 2011-10-13 17:19 - 00000000 ____D C:\Windows\Minidump
2013-12-10 15:11 - 2013-12-10 15:11 - 00274152 _____ C:\Windows\Minidump\121013-23337-01.dmp
2013-12-10 14:36 - 2013-12-10 14:36 - 00377856 _____ C:\Users\user\Downloads\gmer_2.1.19163.exe
2013-12-10 14:34 - 2013-12-10 14:34 - 00031525 _____ C:\Users\user\Downloads\Addition.txt
2013-12-10 14:30 - 2013-12-10 14:09 - 00000522 _____ C:\Users\user\Downloads\defogger_disable.log
2013-12-10 14:09 - 2013-12-10 14:09 - 00050477 _____ C:\Users\user\Downloads\Defogger.exe
2013-12-10 14:09 - 2013-12-10 14:09 - 00000188 _____ C:\Users\user\defogger_reenable
2013-12-09 19:39 - 2012-01-09 16:11 - 00036232 _____ C:\Windows\avmacc.log
2013-12-09 14:50 - 2013-12-09 14:50 - 00000000 ____D C:\Users\user\.argouml
2013-12-09 14:35 - 2011-03-03 04:02 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-09 14:32 - 2013-12-09 14:31 - 16530652 _____ C:\Users\user\Downloads\ArgoUML-0.34-setup.exe
2013-12-02 16:38 - 2011-08-04 14:54 - 00000000 ____D C:\Users\user\Documents\Freizeit
2013-11-30 08:17 - 2011-07-31 15:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 08:00 - 2009-07-14 03:34 - 00000510 _____ C:\Windows\win.ini
2013-11-29 08:50 - 2013-11-29 08:50 - 19875432 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\Skype.exe
2013-11-27 23:07 - 2013-11-27 23:07 - 00001136 _____ C:\Users\user\Desktop\Dokumente - Verknüpfung.lnk
2013-11-26 12:19 - 2013-12-11 11:38 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 12:19 - 2013-12-11 11:38 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 13:22 - 2011-07-31 15:13 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2013-11-25 12:32 - 2011-11-07 12:01 - 00000000 ____D C:\JAVAWORK
2013-11-21 17:47 - 2013-11-21 17:47 - 00000672 _____ C:\Users\user\Desktop\luna.lnk
2013-11-20 16:01 - 2013-08-02 16:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2013-11-20 15:47 - 2011-04-12 11:09 - 00000000 ____D C:\Users\user\AppData\Local\Sony Corporation
2013-11-20 15:40 - 2012-05-27 19:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-20 15:39 - 2013-11-20 15:39 - 00003114 _____ C:\Windows\System32\Tasks\{8E8E6C90-1937-4189-A3C5-D35B328A10CF}
2013-11-20 15:38 - 2011-03-03 04:04 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2013-11-20 11:06 - 2013-10-11 12:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Oracle
2013-11-19 09:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-17 19:13 - 2011-03-03 04:28 - 00426708 _____ C:\Windows\DirectX.log
2013-11-17 19:09 - 2012-05-30 17:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-17 19:09 - 2011-04-01 16:42 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2013-11-17 19:07 - 2013-11-17 19:07 - 00000000 ____D C:\Team17
2013-11-17 03:03 - 2013-11-17 03:03 - 00296728 _____ C:\Windows\Minidump\111713-21044-01.dmp
2013-11-16 21:58 - 2013-11-16 21:57 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2013-11-15 10:17 - 2011-07-30 16:47 - 00022237 _____ C:\test.xml
2013-11-14 23:20 - 2013-07-14 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:17 - 2011-12-18 14:09 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 09:42 - 2013-11-14 09:42 - 00000000 ____D C:\Users\user\AppData\Local\e-academy Inc

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\RdpUtils.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 03:28

==================== End Of Log ============================
--- --- ---



Mein Computer ist aber wieder fit, soweit ich weiß! Habe ja auch gefühlt 20 Logs erstellt :-D Vielen Dank! Oder siehst du noch was?

schrauber 15.12.2013 07:36
Java, Flash, Adobe, Firefox und WIndows updaten.

Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:28 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131