Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ständig PUP.Optional.BonanzaDeals.A (https://www.trojaner-board.de/151974-staendig-pup-optional-bonanzadeals-a.html)

rsop 03.04.2014 17:48
Ständig PUP.Optional.BonanzaDeals.A
 
Hallo Leute,

ich habe heute das Scannen mit folgenden Programmen, in folgender Reihenfolge durchgeführt.

1.) Malwarebytes Anti Malware
2.) AdwCleaner
3.) Junkware Removal Tool


Ich habe dieses Forum leider zu spät gefunden, sonst hätte ich gar nicht erst auf eigene Faust gehandelt.

Logs sind ebenfalls in dieser Reihenfolge gepostet


Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.04.2014
Suchlauf-Zeit: 17:58:24
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.03.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Ralf

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 249940
Verstrichene Zeit: 8 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 142
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, In Quarantäne, [22ce4dd81b60181e1d44c08239c9cc34],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}, In Quarantäne, [b7392df80c6f1b1b11547ac8d32f0ef2],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}, In Quarantäne, [9f51ea3badce49ed035562e0f40ee719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [9f51ea3badce49ed035562e0f40ee719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, In Quarantäne, [9f51ea3badce49ed035562e0f40ee719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, In Quarantäne, [9f51ea3badce49ed035562e0f40ee719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [9f51ea3badce49ed035562e0f40ee719],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}, In Quarantäne, [da16e63fccaf8caac3968db522e09769],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [da16e63fccaf8caac3968db522e09769],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, In Quarantäne, [da16e63fccaf8caac3968db522e09769],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, In Quarantäne, [da16e63fccaf8caac3968db522e09769],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [da16e63fccaf8caac3968db522e09769],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}, In Quarantäne, [27c9ac790f6c8ea8a9b13e04d929d22e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [27c9ac790f6c8ea8a9b13e04d929d22e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, In Quarantäne, [27c9ac790f6c8ea8a9b13e04d929d22e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, In Quarantäne, [27c9ac790f6c8ea8a9b13e04d929d22e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [27c9ac790f6c8ea8a9b13e04d929d22e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, In Quarantäne, [89670d184d2eba7c1b401c265da56d93],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, In Quarantäne, [89670d184d2eba7c1b401c265da56d93],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, In Quarantäne, [89670d184d2eba7c1b401c265da56d93],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, In Quarantäne, [89670d184d2eba7c1b401c265da56d93],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, In Quarantäne, [89670d184d2eba7c1b401c265da56d93],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, In Quarantäne, [a848fc290873f83e13497ec450b216ea],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}, In Quarantäne, [5f91b570f6855fd75b028bb7ac564db3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}, In Quarantäne, [da165acbaecd0135520c0b374bb7fa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [da165acbaecd0135520c0b374bb7fa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [da165acbaecd0135520c0b374bb7fa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [da165acbaecd0135520c0b374bb7fa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [da165acbaecd0135520c0b374bb7fa06],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}, In Quarantäne, [2dc3a184ff7cda5c72ed85bd13ef1ce4],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{840A13FF-B464-4782-9C96-AAF3092E55DD}, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\esrv.searchgolESrvc.1, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\esrv.searchgolESrvc, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.searchgolESrvc, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.searchgolESrvc.1, In Quarantäne, [7e7231f4cab1cc6a58ec9ca6bf43738d],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}, In Quarantäne, [c42cb96c6b108da9d18f281acc36f808],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, In Quarantäne, [c42cb96c6b108da9d18f281acc36f808],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, In Quarantäne, [c42cb96c6b108da9d18f281acc36f808],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, In Quarantäne, [c42cb96c6b108da9d18f281acc36f808],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, In Quarantäne, [c42cb96c6b108da9d18f281acc36f808],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}, In Quarantäne, [539d2500b2c92a0cc49e81c153af8c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, In Quarantäne, [539d2500b2c92a0cc49e81c153af8c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, In Quarantäne, [539d2500b2c92a0cc49e81c153af8c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, In Quarantäne, [539d2500b2c92a0cc49e81c153af8c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, In Quarantäne, [539d2500b2c92a0cc49e81c153af8c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}, In Quarantäne, [727e3ee76516d95d5310340ea75b59a7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [727e3ee76516d95d5310340ea75b59a7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [727e3ee76516d95d5310340ea75b59a7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [727e3ee76516d95d5310340ea75b59a7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [727e3ee76516d95d5310340ea75b59a7],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, In Quarantäne, [7c74e93c6f0c3afc8fd5af93c43e6997],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.Update3WebControl.3, In Quarantäne, [7c74e93c6f0c3afc8fd5af93c43e6997],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.Update3WebControl.3, In Quarantäne, [7c74e93c6f0c3afc8fd5af93c43e6997],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, In Quarantäne, [7c74e93c6f0c3afc8fd5af93c43e6997],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, In Quarantäne, [7c74e93c6f0c3afc8fd5af93c43e6997],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D8E43B96-EB46-4820-92B7-232AEB735685}, In Quarantäne, [13dd1d082952e155f94a063cb84af30d],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}, In Quarantäne, [8070b86dabd039fddc8aa39f2cd64fb1],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [8070b86dabd039fddc8aa39f2cd64fb1],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, In Quarantäne, [8070b86dabd039fddc8aa39f2cd64fb1],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, In Quarantäne, [8070b86dabd039fddc8aa39f2cd64fb1],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [8070b86dabd039fddc8aa39f2cd64fb1],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}, In Quarantäne, [09e760c58af1989e046399a9649e7090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [09e760c58af1989e046399a9649e7090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, In Quarantäne, [09e760c58af1989e046399a9649e7090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, In Quarantäne, [09e760c58af1989e046399a9649e7090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [09e760c58af1989e046399a9649e7090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}, In Quarantäne, [ec049d882556bb7be484c47e5ea42bd5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}, In Quarantäne, [d91760c5c2b956e054154df522e0f010],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [d91760c5c2b956e054154df522e0f010],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, In Quarantäne, [d91760c5c2b956e054154df522e0f010],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, In Quarantäne, [d91760c5c2b956e054154df522e0f010],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [d91760c5c2b956e054154df522e0f010],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3860D897-7DCD-473C-9744-B21DB133AB20}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3860D897-7DCD-473C-9744-B21DB133AB20}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [24ccba6b2457bc7ae85a7bc742c001ff],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgoldskBnd, In Quarantäne, [0ee23de8e89334028db3b88a3ac8a957],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgoldskBnd.1, In Quarantäne, [6f81b174f487c571e45c7ec4b84a34cc],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgoldskBnd, In Quarantäne, [6f81b174f487c571e45c7ec4b84a34cc],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgoldskBnd.1, In Quarantäne, [6f81b174f487c571e45c7ec4b84a34cc],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgolHlpr, In Quarantäne, [4ea28a9b0d6e9a9c55ec4af8857d916f],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgolHlpr.1, In Quarantäne, [767af035c1ba191dea57a39f34ce05fb],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgolHlpr, In Quarantäne, [767af035c1ba191dea57a39f34ce05fb],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgolHlpr.1, In Quarantäne, [767af035c1ba191dea57a39f34ce05fb],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgolappCore, In Quarantäne, [c729a87dc9b22e08e4395c2ed2311ee2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\searchgol.searchgolappCore.1, In Quarantäne, [2ec29392a3d85cdaaf6e91f91fe4fb05],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\BonanzaDealsLive.exe, In Quarantäne, [628ec16490eb3ef8d12f08835da627d9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, In Quarantäne, [609034f196e5003622e4860506fdec14],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, In Quarantäne, [12de6cb974070c2a13f22d5e54af33cd],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgolappCore, In Quarantäne, [10e0ae772a51ef47e934a1e9679c857b],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\searchgol.searchgolappCore.1, In Quarantäne, [e40c9a8b98e340f635e833575aa9a65a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\BonanzaDealsLive.exe, In Quarantäne, [bc349095aecd360052ae7417b053ca36],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aipfmkinhleccnodemkoofnnofpbbpac, In Quarantäne, [a34dbf66176410261d0282082ed54ab6],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, In Quarantäne, [fef222032556de58f80e94f758ab45bb],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=3, In Quarantäne, [4fa10f16b3c8ad8926e1206b0cf758a8],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=9, In Quarantäne, [01ef38ed5c1f90a67493f6959f6411ef],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1816362267-1726252312-946737307-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, In Quarantäne, [30c0fc29d9a2340229da77143ec54ab6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1816362267-1726252312-946737307-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [fbf5b372097291a5820db7b5927050b0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1816362267-1726252312-946737307-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [7d73da4ba1daf73fc60b186a4db6946c],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1816362267-1726252312-946737307-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [7d73da4ba1daf73fc60b186a4db6946c]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[1fd13fe6c0bbf046d1254ac8e32127d9]

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [7a7629fcbbc0a690f4526df92ad8ca36],
PUP.Optional.BonanzaDeals.A, C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job, In Quarantäne, [ea06cd58dba050e6b04f66244eb526da],
PUP.Optional.BonanzaDeals.A, C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job, In Quarantäne, [717f71b495e6181eb34c5832f60d29d7],

Physische Sektoren: 0
(No malicious items detected)


(end)

2.

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 18:05:28
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Ralf
# Gestartet von : C:\Users\Ralf\Downloads\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Users\Ralf\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{539F74BF-7E5C-46BD-9D45-35B1A91C9CBD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9448AC19-EB62-46D5-B7DA-B059A7DB466A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12539 octets] - [02/10/2013 20:06:41]
AdwCleaner[R1].txt - [949 octets] - [02/10/2013 20:12:12]
AdwCleaner[R2].txt - [2279 octets] - [03/04/2014 18:04:00]
AdwCleaner[S0].txt - [9810 octets] - [02/10/2013 20:07:23]
AdwCleaner[S1].txt - [2056 octets] - [03/04/2014 18:05:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2116 octets] ##########
--- --- ---



3.)

Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Ralf on 03.04.2014 at 18:17:03,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\viwta3ee.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at 18:19:48,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B 03.04.2014 18:07
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Gibt es noch Probleme mit BonanzaDeals oder anderer Werbesoftware?
Wie läuft der Rechner?




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


rsop 03.04.2014 18:31
Komischerweise steht bei der JRT Datei: Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

:pfui:


Aber hier zunächst die geforderten Dateien.



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ralf (administrator) on RALF on 03-04-2014 19:11:03
Running from C:\Users\Ralf\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ICQ) C:\Users\Ralf\AppData\Roaming\ICQM\icq.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] - [X]
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-26] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-03] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1816362267-1726252312-946737307-1001\...\Run: [Facebook Update] - C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-16] (Facebook Inc.)
HKU\S-1-5-21-1816362267-1726252312-946737307-1001\...\Run: [icq] - C:\Users\Ralf\AppData\Roaming\ICQM\icq.exe [33664344 2014-03-06] (ICQ)
Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2724C81C-93FB-46FB-B114-1BD59E48A78C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {2724C81C-93FB-46FB-B114-1BD59E48A78C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {2724C81C-93FB-46FB-B114-1BD59E48A78C} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ralf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-11-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-10]
CHR Extension: (Google Drive) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-10]
CHR Extension: (YouTube) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-10]
CHR Extension: (Google-Suche) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-10]
CHR Extension: (avast! Online Security) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-19]
CHR Extension: (Google Wallet) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10]
CHR Extension: (Google Mail) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-03] (AVAST Software)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-26] (Dritek System INC.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-03] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-26] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-03] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-26] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 19:11 - 2014-04-03 19:11 - 00014157 _____ () C:\Users\Ralf\Downloads\FRST.txt
2014-04-03 19:10 - 2014-04-03 19:11 - 00000000 ____D () C:\FRST
2014-04-03 19:10 - 2014-04-03 19:10 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64.exe
2014-04-03 18:50 - 2014-04-03 18:50 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes (1).txt
2014-04-03 18:49 - 2014-04-03 18:49 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes.txt
2014-04-03 18:41 - 2014-04-03 18:43 - 00024287 _____ () C:\Users\Ralf\Desktop\Malwarebytes.txt
2014-04-03 18:27 - 2014-01-19 09:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-03 18:23 - 2014-04-03 19:09 - 00123444 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 18:23 - 2014-04-03 18:23 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-03 18:23 - 2014-04-03 18:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-03 18:19 - 2014-04-03 18:44 - 00000807 _____ () C:\Users\Ralf\Desktop\JRT.txt
2014-04-03 18:14 - 2014-04-03 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 18:10 - 2014-04-03 18:52 - 00002184 _____ () C:\Users\Ralf\Desktop\AdwCleaner[S1].txt
2014-04-03 18:10 - 2014-03-23 22:41 - 01038974 _____ (Thisisu) C:\Users\Ralf\Desktop\JRT_NEW.exe
2014-04-03 18:09 - 2014-04-03 18:09 - 01037734 _____ (Thisisu) C:\Users\Ralf\Downloads\JRT_6.1.2.exe
2014-04-03 18:06 - 2014-04-03 18:06 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-03 18:03 - 2014-04-03 18:03 - 01426178 _____ () C:\Users\Ralf\Downloads\adwcleaner3023.exe
2014-04-03 17:59 - 2014-04-03 18:24 - 00069388 _____ () C:\Windows\PFRO.log
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (2).exe
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-04-03 17:47 - 2014-04-03 18:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 17:46 - 2014-04-03 17:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 17:46 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 17:46 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 17:46 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 17:45 - 2014-04-03 17:46 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 16:11 - 2014-04-03 16:11 - 00010054 _____ () C:\Users\Ralf\AppData\Local\recently-used.xbel
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Ralf\Desktop\sweet_date_2.3.1
2014-04-03 14:51 - 2014-04-03 15:21 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Temporary Projects
2014-04-03 14:18 - 2014-04-03 14:19 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-04-03 14:15 - 2014-04-03 14:16 - 00000160 _____ () C:\Users\Ralf\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-03 14:05 - 2014-04-03 14:05 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-03 13:27 - 2014-04-03 13:28 - 00000000 ____D () C:\Users\Ralf\Documents\Insight Software
2014-04-03 13:27 - 2014-04-03 13:27 - 00004640 _____ () C:\Users\Ralf\Desktop\Chat.mex
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Public\Documents\Insight Software
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-02 20:39 - 2014-04-03 01:10 - 00000000 ____D () C:\Users\Ralf\Documents\Visual Studio 2010
2014-04-02 20:36 - 2014-04-02 20:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\symbols
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-04-02 11:13 - 2014-04-02 11:13 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.Unbenannt 1.odt#
2014-04-02 11:12 - 2014-04-02 11:12 - 00001071 _____ () C:\Users\Public\Desktop\Macro Recorder.lnk
2014-04-02 11:12 - 2014-04-02 11:12 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-04-02 11:01 - 2014-04-02 11:01 - 00004640 _____ () C:\Users\Ralf\Documents\macex.mex
2014-04-02 11:01 - 2014-01-29 09:39 - 00102362 _____ () C:\Users\Ralf\Documents\samples.mex
2014-04-02 10:55 - 2014-04-02 11:00 - 00000000 ____D () C:\ProgramData\Insight Software Solutions
2014-04-02 10:55 - 2014-04-02 10:55 - 00002872 _____ () C:\Windows\System32\Tasks\Launch 23436
2014-03-31 04:48 - 2014-03-31 04:48 - 00011901 _____ () C:\Users\Ralf\Desktop\BestText.odt
2014-03-29 06:19 - 2014-03-31 04:09 - 00023611 _____ () C:\Users\Ralf\Desktop\Unbenannt 1.odt
2014-03-27 17:09 - 2014-04-02 20:32 - 00000000 ____D () C:\Users\Ralf\Desktop\Neuer Ordner (3)
2014-03-27 14:01 - 2014-03-27 14:01 - 00320184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 06:46 - 2014-03-21 06:46 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.zettel INFI.odt#
2014-03-19 18:42 - 2014-03-19 18:42 - 00000090 ____H () C:\Users\Ralf\Downloads\.~lock.alte_Klausuren.xlsx#
2014-03-16 23:24 - 2014-03-17 12:52 - 00022730 _____ () C:\Users\Ralf\Desktop\Zettel!.odt
2014-03-13 21:55 - 2014-04-03 17:30 - 00171008 ___SH () C:\Users\Ralf\Downloads\Thumbs.db
2014-03-12 23:43 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 23:43 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 23:42 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 23:42 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 19:59 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:59 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:59 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 19:59 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:59 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 19:59 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-12 19:59 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 19:59 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 19:59 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 19:58 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 19:58 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 18:25 - 2011-03-23 19:05 - 00132608 _____ () C:\Users\Ralf\Desktop\Unternehmensbewertung.xls
2014-03-11 18:25 - 2011-03-23 19:05 - 00024064 _____ () C:\Users\Ralf\Desktop\Restwertverteilungsfaktor_mit_Wachstumsrate.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00347136 _____ () C:\Users\Ralf\Desktop\Kopie von MarginParameterEstimationCircular.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00333298 _____ () C:\Users\Ralf\Desktop\KfWFördervolumen.bmp
2014-03-11 18:25 - 2011-03-23 19:04 - 00271872 _____ () C:\Users\Ralf\Desktop\IuFPlanung.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00080384 _____ () C:\Users\Ralf\Desktop\LösungenÜbung.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00051200 _____ () C:\Users\Ralf\Desktop\LeverageEffektTermingeschäfte.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00017408 _____ () C:\Users\Ralf\Desktop\KapitalkostenVersorger.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00014848 _____ () C:\Users\Ralf\Desktop\LösungzeitkonstanteEntnahme.xls
2014-03-11 18:25 - 2011-03-23 19:00 - 00033792 _____ () C:\Users\Ralf\Desktop\ExcelFunktionen.xls
2014-03-11 18:25 - 2011-03-23 19:00 - 00018432 _____ () C:\Users\Ralf\Desktop\FAZ16101999.xls
2014-03-11 18:25 - 2011-03-05 16:46 - 00017990 _____ () C:\Users\Ralf\Desktop\Investitionsaufgaben_aus_den_Klausuren_SS2010_II_und_WS2010.pdf.zip
2014-03-11 18:25 - 2011-03-05 16:46 - 00004321 _____ () C:\Users\Ralf\Desktop\RiskPrinciple.xls.zip
2014-03-11 15:47 - 2014-03-11 15:47 - 00001133 _____ () C:\Users\Public\Desktop\Opera 20.lnk
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Opera Software
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Opera Software
2014-03-11 15:46 - 2014-03-11 15:46 - 34759416 _____ (Opera Software ASA) C:\Users\Ralf\Desktop\Opera_20.0.1387.64_Setup.exe
2014-03-11 14:40 - 2014-03-27 02:52 - 00000000 ____D () C:\Users\Ralf\Desktop\Programme
2014-03-10 23:08 - 2014-04-03 14:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-10 19:18 - 2014-03-10 19:25 - 00000000 ____D () C:\Users\Ralf\Documents\My Recorded Scripts
2014-03-10 19:18 - 2014-03-10 19:21 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Nemex
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Mouse Recorder Pro
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Program Files (x86)\Nemex
2014-03-08 22:43 - 2014-03-08 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 00:40 - 2014-03-07 00:40 - 00000000 ____D () C:\Users\Ralf\voip
2014-03-06 23:09 - 2014-03-06 23:09 - 00001660 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-03-06 23:09 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-03-06 23:08 - 2014-03-27 17:10 - 00000000 ____D () C:\Users\Ralf\Desktop\Logos Seite
2014-03-06 23:08 - 2014-03-06 23:25 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQ-Profile
2014-03-06 23:08 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQM
2014-03-06 17:09 - 2014-03-06 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Tor Browser

==================== One Month Modified Files and Folders =======

2014-04-03 19:11 - 2014-04-03 19:11 - 00014157 _____ () C:\Users\Ralf\Downloads\FRST.txt
2014-04-03 19:11 - 2014-04-03 19:10 - 00000000 ____D () C:\FRST
2014-04-03 19:10 - 2014-04-03 19:10 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64.exe
2014-04-03 19:09 - 2014-04-03 18:23 - 00123444 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 19:04 - 2013-09-16 21:59 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA.job
2014-04-03 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-03 18:52 - 2014-04-03 18:10 - 00002184 _____ () C:\Users\Ralf\Desktop\AdwCleaner[S1].txt
2014-04-03 18:50 - 2014-04-03 18:50 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes (1).txt
2014-04-03 18:49 - 2014-04-03 18:49 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes.txt
2014-04-03 18:44 - 2014-04-03 18:19 - 00000807 _____ () C:\Users\Ralf\Desktop\JRT.txt
2014-04-03 18:43 - 2014-04-03 18:41 - 00024287 _____ () C:\Users\Ralf\Desktop\Malwarebytes.txt
2014-04-03 18:41 - 2014-04-03 17:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 18:41 - 2014-01-29 19:07 - 00000000 ____D () C:\Users\Ralf\Desktop\Profile
2014-04-03 18:31 - 2013-03-26 22:40 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 18:31 - 2013-03-26 22:40 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 18:31 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 18:30 - 2013-06-08 20:48 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1816362267-1726252312-946737307-1001
2014-04-03 18:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 18:27 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-03 18:24 - 2014-04-03 17:59 - 00069388 _____ () C:\Windows\PFRO.log
2014-04-03 18:24 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 18:23 - 2014-04-03 18:23 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-03 18:23 - 2014-04-03 18:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-03 18:23 - 2013-06-08 21:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-03 18:23 - 2013-06-08 21:38 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-03 18:23 - 2013-06-08 21:38 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-03 18:14 - 2014-04-03 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 18:09 - 2014-04-03 18:09 - 01037734 _____ (Thisisu) C:\Users\Ralf\Downloads\JRT_6.1.2.exe
2014-04-03 18:06 - 2014-04-03 18:06 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-03 18:05 - 2013-10-02 20:06 - 00000000 ____D () C:\AdwCleaner
2014-04-03 18:05 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-04-03 18:03 - 2014-04-03 18:03 - 01426178 _____ () C:\Users\Ralf\Downloads\adwcleaner3023.exe
2014-04-03 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (2).exe
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-04-03 17:47 - 2013-06-11 20:26 - 01001984 ___SH () C:\Users\Ralf\Desktop\Thumbs.db
2014-04-03 17:46 - 2014-04-03 17:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 17:46 - 2014-04-03 17:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 17:38 - 2013-06-14 00:27 - 00000000 ____D () C:\Users\Ralf\AppData\Local\CrashDumps
2014-04-03 17:30 - 2014-03-13 21:55 - 00171008 ___SH () C:\Users\Ralf\Downloads\Thumbs.db
2014-04-03 16:11 - 2014-04-03 16:11 - 00010054 _____ () C:\Users\Ralf\AppData\Local\recently-used.xbel
2014-04-03 16:11 - 2013-10-28 14:00 - 00000000 ____D () C:\Users\Ralf\AppData\Local\gtk-2.0
2014-04-03 16:11 - 2013-10-28 13:58 - 00000000 ____D () C:\Users\Ralf\.gimp-2.8
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Ralf\Desktop\sweet_date_2.3.1
2014-04-03 15:21 - 2014-04-03 14:51 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Temporary Projects
2014-04-03 14:24 - 2013-06-08 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 14:19 - 2014-04-03 14:18 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-04-03 14:16 - 2014-04-03 14:15 - 00000160 _____ () C:\Users\Ralf\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-03 14:16 - 2014-03-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-03 14:05 - 2014-04-03 14:05 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-03 13:28 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Ralf\Documents\Insight Software
2014-04-03 13:27 - 2014-04-03 13:27 - 00004640 _____ () C:\Users\Ralf\Desktop\Chat.mex
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Public\Documents\Insight Software
2014-04-03 01:10 - 2014-04-02 20:39 - 00000000 ____D () C:\Users\Ralf\Documents\Visual Studio 2010
2014-04-02 22:04 - 2013-09-16 21:59 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core.job
2014-04-02 20:44 - 2014-04-02 20:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\symbols
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-04-02 20:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 20:32 - 2014-03-27 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Neuer Ordner (3)
2014-04-02 20:32 - 2013-10-11 21:56 - 00000000 ____D () C:\Users\Ralf\Desktop\Yu
2014-04-02 15:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-02 11:13 - 2014-04-02 11:13 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.Unbenannt 1.odt#
2014-04-02 11:12 - 2014-04-02 11:12 - 00001071 _____ () C:\Users\Public\Desktop\Macro Recorder.lnk
2014-04-02 11:12 - 2014-04-02 11:12 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-04-02 11:01 - 2014-04-02 11:01 - 00004640 _____ () C:\Users\Ralf\Documents\macex.mex
2014-04-02 11:00 - 2014-04-02 10:55 - 00000000 ____D () C:\ProgramData\Insight Software Solutions
2014-04-02 10:55 - 2014-04-02 10:55 - 00002872 _____ () C:\Windows\System32\Tasks\Launch 23436
2014-04-02 02:19 - 2014-02-16 04:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 04:48 - 2014-03-31 04:48 - 00011901 _____ () C:\Users\Ralf\Desktop\BestText.odt
2014-03-31 04:09 - 2014-03-29 06:19 - 00023611 _____ () C:\Users\Ralf\Desktop\Unbenannt 1.odt
2014-03-27 17:10 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\Desktop\Logos Seite
2014-03-27 14:01 - 2014-03-27 14:01 - 00320184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-27 02:52 - 2014-03-11 14:40 - 00000000 ____D () C:\Users\Ralf\Desktop\Programme
2014-03-23 22:41 - 2014-04-03 18:10 - 01038974 _____ (Thisisu) C:\Users\Ralf\Desktop\JRT_NEW.exe
2014-03-21 06:46 - 2014-03-21 06:46 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.zettel INFI.odt#
2014-03-19 18:42 - 2014-03-19 18:42 - 00000090 ____H () C:\Users\Ralf\Downloads\.~lock.alte_Klausuren.xlsx#
2014-03-19 13:19 - 2013-08-15 16:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 13:16 - 2013-06-11 20:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:53 - 2013-11-13 14:48 - 00000000 ____D () C:\Users\Ralf\Desktop\Studium
2014-03-17 12:52 - 2014-03-16 23:24 - 00022730 _____ () C:\Users\Ralf\Desktop\Spricker!.odt
2014-03-13 13:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-13 12:07 - 2013-06-08 17:15 - 00000000 ___RD () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 12:07 - 2013-06-08 17:15 - 00000000 ___RD () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 12:02 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-11 15:47 - 2014-03-11 15:47 - 00001133 _____ () C:\Users\Public\Desktop\Opera 20.lnk
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Opera Software
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Opera Software
2014-03-11 15:46 - 2014-03-11 15:46 - 34759416 _____ (Opera Software ASA) C:\Users\Ralf\Desktop\Opera_20.0.1387.64_Setup.exe
2014-03-10 23:07 - 2013-10-02 19:30 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Google
2014-03-10 19:25 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\Documents\My Recorded Scripts
2014-03-10 19:21 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Nemex
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Mouse Recorder Pro
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Program Files (x86)\Nemex
2014-03-09 00:58 - 2014-03-03 20:26 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Skype
2014-03-08 22:43 - 2014-03-08 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 22:43 - 2014-03-03 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 00:40 - 2014-03-07 00:40 - 00000000 ____D () C:\Users\Ralf\voip
2014-03-07 00:40 - 2013-06-08 17:13 - 00000000 ____D () C:\Users\Ralf
2014-03-06 23:25 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQ-Profile
2014-03-06 23:09 - 2014-03-06 23:09 - 00001660 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-03-06 23:09 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-03-06 23:09 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQM
2014-03-06 17:09 - 2014-03-06 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Tor Browser
2014-03-05 09:26 - 2014-04-03 17:46 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-03 17:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-03 17:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 00:52 - 2013-11-17 15:33 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2013-11-17 15:33 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\p\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 13:17

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Addition:

Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ralf at 2014-04-03 19:12:09
Running from C:\Users\Ralf\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.1.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bandizip (HKCU\...\Bandizip) (Version: 3.07 - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
ICQ 8.2 (build 6901) (HKCU\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Mouse Recorder Pro 2.0.7.0 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for Zip Extractor (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

12-03-2014 00:19:19 Geplanter Prüfpunkt
19-03-2014 11:14:23 Windows Update
27-03-2014 18:34:10 Geplanter Prüfpunkt
02-04-2014 08:54:22 Install Macro Express Pro
02-04-2014 08:54:23 Install Macro Express Pro
02-04-2014 08:54:41 Install Macro Express Pro
03-04-2014 12:16:49 Uninstall Install Macro Express 3

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B13EB85-F75F-4BD6-A8A8-B2D26C3EFF90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-16] (Facebook Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B0DC02C-EB59-40C6-9C13-FD825141CE7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {1DB94D3B-66F2-456E-8D9F-4C5351241064} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-16] (Facebook Inc.)
Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27C2EFCA-550D-4227-B4EE-8623204C7BC1} - System32\Tasks\Launch 23436 => C:\Program Files (x86)\Macro Express Pro\macexp.exe
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} - \DigitalSite No Task File
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {66F519FF-5D68-45CE-9ADA-AA4881483EA5} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {6BB8C8C1-9D79-4059-B978-4E307267CF72} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated)
Task: {91531774-3D3D-4BFD-95E6-EDCE82B73FDD} - \EPUpdater No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E1E23314-9829-40DB-9DC6-BE90E50B4267} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-03] (AVAST Software)
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED1DEF1E-283C-4EBC-9E29-69FC8D30F26A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F12A4599-8AA9-4D80-BD9D-6DA8DA18E9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F98C91E6-4D0B-452A-8E1E-93D1B2C9C359} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core.job => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA.job => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-23 07:14 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-03 14:24 - 2014-04-02 13:19 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\opera_crashreporter.exe
2014-04-03 14:21 - 2014-04-03 09:47 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040300\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-03-06 23:09 - 2014-03-06 23:09 - 00857944 _____ () C:\Users\Ralf\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-12-16 20:59 - 2013-12-16 20:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-03 14:24 - 2014-04-02 13:19 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libglesv2.dll
2014-04-03 14:24 - 2014-04-02 13:19 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\libegl.dll
2014-04-03 14:24 - 2014-04-02 13:19 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.91\ffmpegsumo.dll
2013-03-26 13:56 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 02:23:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WLANExt.exe, Version: 6.2.9200.16384, Zeitstempel: 0x5010891a
Name des fehlerhaften Moduls: FunDisc.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5010879e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fbd350e36d
ID des fehlerhaften Prozesses: 0x480
Startzeit der fehlerhaften Anwendung: 0xWLANExt.exe0
Pfad der fehlerhaften Anwendung: WLANExt.exe1
Pfad des fehlerhaften Moduls: WLANExt.exe2
Berichtskennung: WLANExt.exe3
Vollständiger Name des fehlerhaften Pakets: WLANExt.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WLANExt.exe5

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4672

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4672

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3453

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3453

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21203

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21203

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/03/2014 06:24:23 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 06:06:11 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 05:59:30 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 02:23:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/03/2014 02:19:51 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 02:19:10 PM) (Source: DCOM) (User: RALF)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/03/2014 01:12:03 AM) (Source: DCOM) (User: RALF)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/28/2014 11:53:58 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/28/2014 11:54:14 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎03.‎2014 um 00:58:04 unerwartet heruntergefahren.

Error: (03/27/2014 09:39:50 PM) (Source: DCOM) (User: RALF)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (04/03/2014 02:23:37 PM) (Source: Application Error)(User:RALF )
Description: WLANExt.exe6.2.9200.163845010891aFunDisc.dll_unloaded0.0.0.05010879ec0000005000007fbd350e36d48001cf4f3715860414C:\Windows\system32\WLANExt.exeFunDisc. dllc7a25121-bb2a-11e3-be9f-208984837e32

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4672

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledEvent 4672

Error: (04/03/2014 02:01:27 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3453

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledEvent 3453

Error: (04/03/2014 02:01:25 PM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21203

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: m->NextScheduledEvent 21203

Error: (04/03/2014 01:12:46 AM) (Source: Bonjour Service)(User:RALF )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-02-28 22:28:28.907
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3911.27 MB
Available physical RAM: 2231.02 MB
Total Pagefile: 12103.27 MB
Available Pagefile: 10251.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:679.19 GB) (Free:628.39 GB) NTFS
Drive e: () (Removable) (Total:1.84 GB) (Free:0.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 8869580A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B 03.04.2014 18:50
Servus,






Schritt 1
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    BonanzaDeals
    Update for Zip Extractor
    Zip Extractor Packages
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von Zoek,
  • die Logdatei von SystemLook.

rsop 03.04.2014 23:30
Alles klar.

Hier die Zoek Datei

Code:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Ralf on 03.04.2014 at 19:57:24,90.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ralf\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

03.04.2014 19:59:36 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default\prefs.js:

Added to C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs__2006_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Opera.exe"

==== Deleting Files \ Folders ======================

C:\Users\Ralf\Desktop\Programme\SoftonicDownloader_fuer_mouse-recorder.exe deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\PROGRA~3\boost_interprocess" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{8AA36F4F-6DC7-4c06-77AF-5035170634FE}"="C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox" [06.11.2013 22:02]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default
D775FA6F1E88B3B99E69E8A0D6C3A819        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll -        Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D        - C:\Users\Ralf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -        Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03.04.2014 18:23]

avast Online Security - Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2724C81C-93FB-46FB-B114-1BD59E48A78C} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2724C81C-93FB-46FB-B114-1BD59E48A78C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ralf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ralf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=1 438474 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ralf\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ralf\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\boost_interprocess"  not deleted

==== EOF on 03.04.2014 at 20:20:58,59 ======================

Hier die SystemLook Datei:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 00:24 on 04/04/2014 by Ralf
Administrator - Elevation successful

========== regfind ==========

Searching for "BonanzaDeals"
No data found.

Searching for "Update for Zip Extractor"
No data found.

Searching for "Zip Extractor Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayIcon"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallString"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe /Uninstall /NM="Zip Extractor Packages" /AN="0D0S1L2Z1P1B" /MBN="Zip Extractor Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayName"="Zip Extractor Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallerPath"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages"
[HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
[HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayIcon"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallString"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe /Uninstall /NM="Zip Extractor Packages" /AN="0D0S1L2Z1P1B" /MBN="Zip Extractor Packages""
[HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"DisplayName"="Zip Extractor Packages"
[HKEY_USERS\S-1-5-21-1816362267-1726252312-946737307-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages]
"UninstallerPath"="C:\Users\Ralf\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages"

-= EOF =-

M-K-D-B 04.04.2014 17:46
Servus,



Wir spüren die letzten Reste auf, damit wir sie später entfernen können:



Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.





Gibt es noch Probleme mit BonanzaDeals? Wenn ja, welche und in welchem Browser?
Wie läuft der Rechner derzeit?





Bitte poste mit deiner nächsten Antwort
  • die zwei Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

rsop 05.04.2014 12:12
Nein, keinerlei Probleme mehr. Der Rechner läuft auch ohne Probleme.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ralf (administrator) on RALF on 05-04-2014 12:50:19
Running from C:\Users\Ralf\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Farbar) C:\Users\Ralf\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] - [X]
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-26] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-03] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1816362267-1726252312-946737307-1001\...\Run: [Facebook Update] - C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-16] (Facebook Inc.)
Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\viwta3ee.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ralf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-11-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-10]
CHR Extension: (Google Drive) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-10]
CHR Extension: (YouTube) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-10]
CHR Extension: (Google Search) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-10]
CHR Extension: (avast! Online Security) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-19]
CHR Extension: (Google Wallet) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-10]
CHR Extension: (Gmail) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-03] (AVAST Software)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-26] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-03] ()
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-26] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-26] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 12:46 - 2014-04-05 12:46 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64 (1).exe
2014-04-05 12:37 - 2014-04-05 12:37 - 00000038 _____ () C:\Users\Ralf\Desktop\Nvpn.txt
2014-04-05 12:36 - 2014-04-05 12:36 - 00000000 _____ () C:\Users\Ralf\Desktop\Neues Textdokument (2).txt
2014-04-05 11:53 - 2014-04-05 12:32 - 00065417 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 01:54 - 2014-04-05 02:03 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Temporary Projects
2014-04-04 20:33 - 2014-04-04 20:33 - 00001129 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-04 20:32 - 2014-04-04 20:33 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-04 20:30 - 2014-04-04 20:30 - 00018614 _____ () C:\Users\Ralf\Downloads\config.zip
2014-04-04 20:29 - 2014-04-04 20:29 - 01426552 _____ () C:\Users\Ralf\Downloads\openvpn-2.2.2-install.exe
2014-04-04 16:00 - 2014-04-04 16:02 - 22909659 _____ () C:\Users\Ralf\Downloads\torbrowser-install-3.5.3_en-US.exe
2014-04-04 15:57 - 2014-04-04 15:57 - 23180864 _____ () C:\Users\Ralf\Downloads\torbrowser-install-3.5.3_de.exe
2014-04-04 13:56 - 2014-04-05 01:53 - 00000000 ____D () C:\Users\Ralf\Desktop\Chat
2014-04-04 13:53 - 2014-04-04 13:53 - 00000000 ____D () C:\Users\Ralf\Desktop\Bereinigungsprogramme
2014-04-04 12:29 - 2014-04-04 12:29 - 00249218 _____ () C:\Users\Ralf\Downloads\WhatsApp Chat Maja.txt
2014-04-04 00:24 - 2014-04-04 00:24 - 00004622 _____ () C:\Users\Ralf\Downloads\SystemLook.txt
2014-04-03 20:20 - 2014-04-03 20:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-03 20:09 - 2014-04-03 19:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 19:59 - 2014-04-03 20:20 - 00008413 _____ () C:\zoek-results.log
2014-04-03 19:57 - 2014-04-03 20:07 - 00000000 ____D () C:\zoek_backup
2014-04-03 19:57 - 2014-04-03 19:57 - 01285120 _____ () C:\Users\Ralf\Downloads\zoek.exe
2014-04-03 19:55 - 2014-04-03 19:55 - 00165376 _____ () C:\Users\Ralf\Downloads\SystemLook_x64.exe
2014-04-03 19:12 - 2014-04-03 19:28 - 00026877 _____ () C:\Users\Ralf\Downloads\Addition.txt
2014-04-03 19:11 - 2014-04-05 12:50 - 00013067 _____ () C:\Users\Ralf\Downloads\FRST.txt
2014-04-03 19:10 - 2014-04-05 12:50 - 00000000 ____D () C:\FRST
2014-04-03 19:10 - 2014-04-03 19:10 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64.exe
2014-04-03 18:50 - 2014-04-03 18:50 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes (1).txt
2014-04-03 18:49 - 2014-04-03 18:49 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes.txt
2014-04-03 18:27 - 2014-01-19 09:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-03 18:23 - 2014-04-03 18:23 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-03 18:23 - 2014-04-03 18:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-03 18:14 - 2014-04-03 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 18:09 - 2014-04-03 18:09 - 01037734 _____ (Thisisu) C:\Users\Ralf\Downloads\JRT_6.1.2.exe
2014-04-03 18:03 - 2014-04-03 18:03 - 01426178 _____ () C:\Users\Ralf\Downloads\adwcleaner3023.exe
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (2).exe
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-04-03 17:47 - 2014-04-03 18:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 17:46 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 17:46 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 17:46 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 17:45 - 2014-04-03 17:46 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 16:11 - 2014-04-03 16:11 - 00010054 _____ () C:\Users\Ralf\AppData\Local\recently-used.xbel
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Ralf\Desktop\sweet_date_2.3.1
2014-04-03 14:18 - 2014-04-03 14:19 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-04-03 14:15 - 2014-04-05 12:13 - 00001770 _____ () C:\Users\Ralf\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-03 14:05 - 2014-04-03 14:05 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-03 13:27 - 2014-04-03 13:28 - 00000000 ____D () C:\Users\Ralf\Documents\Insight Software
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Public\Documents\Insight Software
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-02 20:39 - 2014-04-03 01:10 - 00000000 ____D () C:\Users\Ralf\Documents\Visual Studio 2010
2014-04-02 20:36 - 2014-04-02 20:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\symbols
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-04-02 11:13 - 2014-04-02 11:13 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.Unbenannt 1.odt#
2014-04-02 11:12 - 2014-04-02 11:12 - 00001071 _____ () C:\Users\Public\Desktop\Macro Recorder.lnk
2014-04-02 11:12 - 2014-04-02 11:12 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-04-02 11:01 - 2014-04-02 11:01 - 00004640 _____ () C:\Users\Ralf\Documents\macex.mex
2014-04-02 11:01 - 2014-01-29 09:39 - 00102362 _____ () C:\Users\Ralf\Documents\samples.mex
2014-04-02 10:55 - 2014-04-02 11:00 - 00000000 ____D () C:\ProgramData\Insight Software Solutions
2014-04-02 10:55 - 2014-04-02 10:55 - 00002872 _____ () C:\Windows\System32\Tasks\Launch 23436
2014-03-27 17:09 - 2014-04-04 13:55 - 00000000 ____D () C:\Users\Ralf\Desktop\Neuer Ordner (3)
2014-03-27 14:01 - 2014-03-27 14:01 - 00320184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 06:46 - 2014-03-21 06:46 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.zettel INFI.odt#
2014-03-19 18:42 - 2014-03-19 18:42 - 00000090 ____H () C:\Users\Ralf\Downloads\.~lock.Lösungen_alte_Klausuren.xlsx#
2014-03-13 21:55 - 2014-04-04 21:14 - 00179712 ___SH () C:\Users\Ralf\Downloads\Thumbs.db
2014-03-12 23:43 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 23:43 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 23:42 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 23:42 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-12 19:59 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 19:59 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:59 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:59 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:59 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 19:59 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 19:59 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 19:59 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:59 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 19:59 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-12 19:59 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 19:59 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-12 19:59 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-12 19:58 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 19:58 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 18:25 - 2011-03-23 19:05 - 00132608 _____ () C:\Users\Ralf\Desktop\Unternehmensbewertung.xls
2014-03-11 18:25 - 2011-03-23 19:05 - 00024064 _____ () C:\Users\Ralf\Desktop\Restwertverteilungsfaktor_mit_Wachstumsrate.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00347136 _____ () C:\Users\Ralf\Desktop\Kopie von MarginParameterEstimationCircular.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00333298 _____ () C:\Users\Ralf\Desktop\KfWFördervolumen.bmp
2014-03-11 18:25 - 2011-03-23 19:04 - 00271872 _____ () C:\Users\Ralf\Desktop\IuFPlanung.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00080384 _____ () C:\Users\Ralf\Desktop\LösungenÜbung.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00051200 _____ () C:\Users\Ralf\Desktop\LeverageEffektTermingeschäfte.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00017408 _____ () C:\Users\Ralf\Desktop\KapitalkostenVersorger.xls
2014-03-11 18:25 - 2011-03-23 19:04 - 00014848 _____ () C:\Users\Ralf\Desktop\LösungzeitkonstanteEntnahme.xls
2014-03-11 18:25 - 2011-03-23 19:00 - 00033792 _____ () C:\Users\Ralf\Desktop\ExcelFunktionen.xls
2014-03-11 18:25 - 2011-03-23 19:00 - 00018432 _____ () C:\Users\Ralf\Desktop\FAZ16101999.xls
2014-03-11 18:25 - 2011-03-05 16:46 - 00017990 _____ () C:\Users\Ralf\Desktop\Investitionsaufgaben_aus_den_Klausuren_SS2010_II_und_WS2010.pdf.zip
2014-03-11 18:25 - 2011-03-05 16:46 - 00004321 _____ () C:\Users\Ralf\Desktop\RiskPrinciple.xls.zip
2014-03-11 15:47 - 2014-03-11 15:47 - 00001133 _____ () C:\Users\Public\Desktop\Opera 20.lnk
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Opera Software
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Opera Software
2014-03-11 14:40 - 2014-04-04 13:53 - 00000000 ____D () C:\Users\Ralf\Desktop\Programme
2014-03-10 23:08 - 2014-04-03 14:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-10 19:18 - 2014-03-10 19:25 - 00000000 ____D () C:\Users\Ralf\Documents\My Recorded Scripts
2014-03-10 19:18 - 2014-03-10 19:21 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Nemex
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Mouse Recorder Pro
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Program Files (x86)\Nemex
2014-03-08 22:43 - 2014-03-08 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 00:40 - 2014-03-07 00:40 - 00000000 ____D () C:\Users\Ralf\voip
2014-03-06 23:09 - 2014-03-06 23:09 - 00001660 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-03-06 23:09 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-03-06 23:08 - 2014-03-27 17:10 - 00000000 ____D () C:\Users\Ralf\Desktop\Logos Seite
2014-03-06 23:08 - 2014-03-06 23:25 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQ-Profile
2014-03-06 23:08 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQM
2014-03-06 17:09 - 2014-03-06 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Tor Browser

==================== One Month Modified Files and Folders =======

2014-04-05 12:50 - 2014-04-03 19:11 - 00013067 _____ () C:\Users\Ralf\Downloads\FRST.txt
2014-04-05 12:50 - 2014-04-03 19:10 - 00000000 ____D () C:\FRST
2014-04-05 12:46 - 2014-04-05 12:46 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64 (1).exe
2014-04-05 12:37 - 2014-04-05 12:37 - 00000038 _____ () C:\Users\Ralf\Desktop\Nvpn.txt
2014-04-05 12:36 - 2014-04-05 12:36 - 00000000 _____ () C:\Users\Ralf\Desktop\Neues Textdokument (2).txt
2014-04-05 12:32 - 2014-04-05 11:53 - 00065417 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 12:32 - 2013-06-11 20:26 - 01097216 ___SH () C:\Users\Ralf\Desktop\Thumbs.db
2014-04-05 12:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 12:14 - 2013-06-08 20:48 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1816362267-1726252312-946737307-1001
2014-04-05 12:13 - 2014-04-03 14:15 - 00001770 _____ () C:\Users\Ralf\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-05 12:09 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 12:07 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-04-05 12:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-05 02:03 - 2014-04-05 01:54 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Temporary Projects
2014-04-05 01:53 - 2014-04-04 13:56 - 00000000 ____D () C:\Users\Ralf\Desktop\Chat
2014-04-05 01:04 - 2013-09-16 21:59 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA.job
2014-04-04 22:04 - 2013-09-16 21:59 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core.job
2014-04-04 21:14 - 2014-03-13 21:55 - 00179712 ___SH () C:\Users\Ralf\Downloads\Thumbs.db
2014-04-04 20:33 - 2014-04-04 20:33 - 00001129 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-04 20:33 - 2014-04-04 20:32 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-04 20:30 - 2014-04-04 20:30 - 00018614 _____ () C:\Users\Ralf\Downloads\config.zip
2014-04-04 20:29 - 2014-04-04 20:29 - 01426552 _____ () C:\Users\Ralf\Downloads\openvpn-2.2.2-install.exe
2014-04-04 16:02 - 2014-04-04 16:00 - 22909659 _____ () C:\Users\Ralf\Downloads\torbrowser-install-3.5.3_en-US.exe
2014-04-04 15:57 - 2014-04-04 15:57 - 23180864 _____ () C:\Users\Ralf\Downloads\torbrowser-install-3.5.3_de.exe
2014-04-04 13:57 - 2013-10-11 21:56 - 00000000 ____D () C:\Users\Ralf\Desktop\Yu
2014-04-04 13:56 - 2013-11-13 14:48 - 00000000 ____D () C:\Users\Ralf\Desktop\Studium
2014-04-04 13:55 - 2014-03-27 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Neuer Ordner (3)
2014-04-04 13:53 - 2014-04-04 13:53 - 00000000 ____D () C:\Users\Ralf\Desktop\Bereinigungsprogramme
2014-04-04 13:53 - 2014-03-11 14:40 - 00000000 ____D () C:\Users\Ralf\Desktop\Programme
2014-04-04 12:29 - 2014-04-04 12:29 - 00249218 _____ () C:\Users\Ralf\Downloads\WhatsApp Chat Maja.txt
2014-04-04 00:26 - 2013-03-26 22:40 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 00:26 - 2013-03-26 22:40 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 00:26 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 00:24 - 2014-04-04 00:24 - 00004622 _____ () C:\Users\Ralf\Downloads\SystemLook.txt
2014-04-03 20:20 - 2014-04-03 20:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-03 20:20 - 2014-04-03 19:59 - 00008413 _____ () C:\zoek-results.log
2014-04-03 20:07 - 2014-04-03 19:57 - 00000000 ____D () C:\zoek_backup
2014-04-03 19:57 - 2014-04-03 20:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 19:57 - 2014-04-03 19:57 - 01285120 _____ () C:\Users\Ralf\Downloads\zoek.exe
2014-04-03 19:55 - 2014-04-03 19:55 - 00165376 _____ () C:\Users\Ralf\Downloads\SystemLook_x64.exe
2014-04-03 19:28 - 2014-04-03 19:12 - 00026877 _____ () C:\Users\Ralf\Downloads\Addition.txt
2014-04-03 19:10 - 2014-04-03 19:10 - 02157056 _____ (Farbar) C:\Users\Ralf\Downloads\FRST64.exe
2014-04-03 18:50 - 2014-04-03 18:50 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes (1).txt
2014-04-03 18:49 - 2014-04-03 18:49 - 00024287 _____ () C:\Users\Ralf\Downloads\Malwarebytes.txt
2014-04-03 18:41 - 2014-04-03 17:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 18:27 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-03 18:23 - 2014-04-03 18:23 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-03 18:23 - 2014-04-03 18:23 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-03 18:23 - 2013-06-08 21:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-03 18:23 - 2013-06-08 21:38 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-03 18:23 - 2013-06-08 21:38 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-03 18:23 - 2013-06-08 21:38 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-03 18:14 - 2014-04-03 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 18:09 - 2014-04-03 18:09 - 01037734 _____ (Thisisu) C:\Users\Ralf\Downloads\JRT_6.1.2.exe
2014-04-03 18:05 - 2013-10-02 20:06 - 00000000 ____D () C:\AdwCleaner
2014-04-03 18:03 - 2014-04-03 18:03 - 01426178 _____ () C:\Users\Ralf\Downloads\adwcleaner3023.exe
2014-04-03 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (2).exe
2014-04-03 17:48 - 2014-04-03 17:48 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 17:46 - 2014-04-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-03 17:46 - 2014-04-03 17:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-03 17:38 - 2013-06-14 00:27 - 00000000 ____D () C:\Users\Ralf\AppData\Local\CrashDumps
2014-04-03 16:11 - 2014-04-03 16:11 - 00010054 _____ () C:\Users\Ralf\AppData\Local\recently-used.xbel
2014-04-03 16:11 - 2013-10-28 14:00 - 00000000 ____D () C:\Users\Ralf\AppData\Local\gtk-2.0
2014-04-03 16:11 - 2013-10-28 13:58 - 00000000 ____D () C:\Users\Ralf\.gimp-2.8
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Ralf\Desktop\sweet_date_2.3.1
2014-04-03 14:24 - 2013-06-08 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-03 14:19 - 2014-04-03 14:18 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-04-03 14:16 - 2014-03-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-03 14:05 - 2014-04-03 14:05 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-03 13:28 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Ralf\Documents\Insight Software
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____D () C:\Users\Public\Documents\Insight Software
2014-04-03 01:10 - 2014-04-02 20:39 - 00000000 ____D () C:\Users\Ralf\Documents\Visual Studio 2010
2014-04-02 20:44 - 2014-04-02 20:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-04-02 20:42 - 2014-04-02 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-04-02 20:41 - 2014-04-02 20:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\symbols
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Windows\PCHEALTH
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2014-04-02 20:34 - 2014-04-02 20:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-04-02 20:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 15:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-02 11:13 - 2014-04-02 11:13 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.Unbenannt 1.odt#
2014-04-02 11:12 - 2014-04-02 11:12 - 00001071 _____ () C:\Users\Public\Desktop\Macro Recorder.lnk
2014-04-02 11:12 - 2014-04-02 11:12 - 00000000 ____D () C:\Program Files (x86)\MacroRecorder
2014-04-02 11:01 - 2014-04-02 11:01 - 00004640 _____ () C:\Users\Ralf\Documents\macex.mex
2014-04-02 11:00 - 2014-04-02 10:55 - 00000000 ____D () C:\ProgramData\Insight Software Solutions
2014-04-02 10:55 - 2014-04-02 10:55 - 00002872 _____ () C:\Windows\System32\Tasks\Launch 23436
2014-04-02 02:19 - 2014-02-16 04:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 17:10 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\Desktop\Logos Seite
2014-03-27 14:01 - 2014-03-27 14:01 - 00320184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-21 06:46 - 2014-03-21 06:46 - 00000090 ____H () C:\Users\Ralf\Desktop\.~lock.zettel INFI.odt#
2014-03-19 18:42 - 2014-03-19 18:42 - 00000090 ____H () C:\Users\Ralf\Downloads\.~lock.Lösungen_alte_Klausuren.xlsx#
2014-03-19 13:19 - 2013-08-15 16:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 13:16 - 2013-06-11 20:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 13:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-13 12:07 - 2013-06-08 17:15 - 00000000 ___RD () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 12:07 - 2013-06-08 17:15 - 00000000 ___RD () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 12:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 12:02 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-11 15:47 - 2014-03-11 15:47 - 00001133 _____ () C:\Users\Public\Desktop\Opera 20.lnk
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Opera Software
2014-03-11 15:47 - 2014-03-11 15:47 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Opera Software
2014-03-10 23:07 - 2013-10-02 19:30 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Google
2014-03-10 19:25 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\Documents\My Recorded Scripts
2014-03-10 19:21 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Nemex
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Mouse Recorder Pro
2014-03-10 19:18 - 2014-03-10 19:18 - 00000000 ____D () C:\Program Files (x86)\Nemex
2014-03-09 00:58 - 2014-03-03 20:26 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Skype
2014-03-08 22:43 - 2014-03-08 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 22:43 - 2014-03-03 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 00:40 - 2014-03-07 00:40 - 00000000 ____D () C:\Users\Ralf\voip
2014-03-07 00:40 - 2013-06-08 17:13 - 00000000 ____D () C:\Users\Ralf
2014-03-06 23:25 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQ-Profile
2014-03-06 23:09 - 2014-03-06 23:09 - 00001660 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2014-03-06 23:09 - 2014-03-06 23:09 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-03-06 23:09 - 2014-03-06 23:08 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\ICQM
2014-03-06 17:09 - 2014-03-06 17:09 - 00000000 ____D () C:\Users\Ralf\Desktop\Tor Browser

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 13:17

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ralf at 2014-04-05 12:50:43
Running from C:\Users\Ralf\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.1.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bandizip (HKCU\...\Bandizip) (Version: 3.07 - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
ICQ 8.2 (build 6901) (HKCU\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Mouse Recorder Pro 2.0.7.0 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version:  - Nemex Studios)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

19-03-2014 11:14:23 Windows Update
27-03-2014 18:34:10 Geplanter Prüfpunkt
02-04-2014 08:54:22 Install Macro Express Pro
02-04-2014 08:54:23 Install Macro Express Pro
02-04-2014 08:54:41 Install Macro Express Pro
03-04-2014 12:16:49 Uninstall Install Macro Express 3

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B13EB85-F75F-4BD6-A8A8-B2D26C3EFF90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-16] (Facebook Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B0DC02C-EB59-40C6-9C13-FD825141CE7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {1DB94D3B-66F2-456E-8D9F-4C5351241064} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-16] (Facebook Inc.)
Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27C2EFCA-550D-4227-B4EE-8623204C7BC1} - System32\Tasks\Launch 23436 => C:\Program Files (x86)\Macro Express Pro\macexp.exe
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} - \DigitalSite No Task File
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {66F519FF-5D68-45CE-9ADA-AA4881483EA5} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {6BB8C8C1-9D79-4059-B978-4E307267CF72} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated)
Task: {91531774-3D3D-4BFD-95E6-EDCE82B73FDD} - \EPUpdater No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E1E23314-9829-40DB-9DC6-BE90E50B4267} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-03] (AVAST Software)
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED1DEF1E-283C-4EBC-9E29-69FC8D30F26A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F12A4599-8AA9-4D80-BD9D-6DA8DA18E9CC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F98C91E6-4D0B-452A-8E1E-93D1B2C9C359} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001Core.job => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816362267-1726252312-946737307-1001UA.job => C:\Users\Ralf\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-22 04:12 - 2012-06-22 04:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-07-26 09:58 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-11-23 07:14 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-04 13:52 - 2014-04-04 13:52 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040400\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-12-16 20:59 - 2013-12-16 20:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-03-26 13:56 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service) (User: )
Description: Der Plug-In-Manager <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        (HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (04/05/2014 00:00:52 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (04/05/2014 00:00:52 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        0x8e5e0210 (0x8e5e0210)

Error: (04/05/2014 00:00:52 PM) (Source: ESENT) (User: )
Description: SearchIndexer (4008) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb000AE.log.

Error: (04/05/2014 02:10:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9954

Error: (04/05/2014 02:10:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9954


System errors:
=============
Error: (04/05/2014 00:08:12 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/05/2014 00:01:18 PM) (Source: DCOM) (User: RALF)
Description: 1053WSearchNicht verfügbar{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/05/2014 00:01:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/05/2014 00:01:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (04/05/2014 00:00:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/05/2014 00:00:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147749126

Error: (04/05/2014 11:59:18 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎04.‎2014 um 02:07:58 unerwartet heruntergefahren.

Error: (04/05/2014 11:58:41 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 08:20:13 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (04/03/2014 08:06:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (04/05/2014 00:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        (HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (04/05/2014 00:00:52 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (04/05/2014 00:00:52 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (04/05/2014 00:00:52 PM) (Source: ESENT)(User: )
Description: SearchIndexer4008Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb000AE.log-1811 (0xfffff8ed)

Error: (04/05/2014 02:10:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9954

Error: (04/05/2014 02:10:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9954


CodeIntegrity Errors:
===================================
  Date: 2014-02-28 22:28:28.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 3911.27 MB
Available physical RAM: 2793.58 MB
Total Pagefile: 12103.27 MB
Available Pagefile: 10939.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:679.19 GB) (Free:629.21 GB) NTFS
Drive e: () (Removable) (Total:1.84 GB) (Free:0.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 8869580A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B 05.04.2014 12:53
Servus,



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
Task: {53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} - \DigitalSite No Task File
Task: {91531774-3D3D-4BFD-95E6-EDCE82B73FDD} - \EPUpdater No Task File
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages" /f
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

rsop 05.04.2014 15:08
Alles klar.

Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ralf at 2014-04-05 14:07:28 Run:1
Running from C:\Users\Ralf\Desktop\NEW LOGS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} - \DigitalSite No Task File
Task: {91531774-3D3D-4BFD-95E6-EDCE82B73FDD} - \EPUpdater No Task File
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages" /f
end
       
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DB6EFC-4D30-4AAB-AEC4-D14F1332807B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91531774-3D3D-4BFD-95E6-EDCE82B73FDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91531774-3D3D-4BFD-95E6-EDCE82B73FDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


==== End of Fixlog ====

Hitman Pro:

Code:

       
Code:

       
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : RALF
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : RALF\Ralf
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-04-05 14:10:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 1

   Objects scanned . . . : 1.552.564
   Files scanned . . . . : 42.009
   Remnants scanned  . . : 498.341 files / 1.012.214 keys

Malware _____________________________________________________________________

   C:\Users\Ralf\Desktop\Studium\Voll\GillSans.exe -> Quarantined
      Size . . . . . . . : 300.656 bytes
      Age  . . . . . . . : 234.0 days (2013-08-14 14:58:58)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F80D39842D5554AD96FB48FFDDA69FE63EFF201CAC118887035A4A1FEBAD2A27
      Product  . . . . . : StarApp
      Publisher  . . . . : StarApp
      Description  . . . : Installer for StarApp
      Version  . . . . . : 2013.8.13.1622
      Copyright  . . . . : Copyright © 2012 StarApp
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.aeph
      Fuzzy  . . . . . . : 101.0


ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5183cd2702e11240968f6cb49b2faa15
# engine=17766
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 01:58:39
# local_time=2014-04-05 03:58:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 85 76 164051 164128 0 0
# compatibility_mode=5893 16776574 100 94 163871 14052248 0 0
# scanned=210081
# found=1
# cleaned=0
# scan_time=5821
sh=15F55E5D0A3D2D3D7111CF8EB125F11D1E2141F4 ft=1 fh=c71c001110b3f691 vn="a variant of Win32/Injected.F trojan" ac=I fn="C:\Users\Ralf\Desktop\Logos Seite\COMPUTER_BILD-Download-Manager_fuer_RouterReconnect_1.3.exe"

SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.80 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        12.0.0.70 
 Adobe Reader XI 
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Symantec Norton Online Backup NOBuAgent.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

M-K-D-B 05.04.2014 15:30
Servus,




Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Users\Ralf\Desktop\Logos Seite\COMPUTER_BILD-Download-Manager_fuer_RouterReconnect_1.3.exe
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

rsop 05.04.2014 15:53
So die letzten Daten:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ralf at 2014-04-05 16:42:51 Run:2
Running from C:\Users\Ralf\Desktop\NEW LOGS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Ralf\Desktop\Logos Seite\COMPUTER_BILD-Download-Manager_fuer_RouterReconnect_1.3.exe
end
*****************

C:\Users\Ralf\Desktop\Logos Seite\COMPUTER_BILD-Download-Manager_fuer_RouterReconnect_1.3.exe => Moved successfully.

==== End of Fixlog ====

Ich möchte mich für deine Hilfe bedanken! Super Board und super kompetente Mods! :dankeschoen:

Wenn nichts verdächtiges mehr da ist, kannst du das Abo entfernen. :dankeschoen:

M-K-D-B 05.04.2014 15:55
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131