Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   [Win7] Sporadische Firefox Redirects zu fake "Java Update" Seiten (https://www.trojaner-board.de/152688-win7-sporadische-firefox-redirects-fake-java-update-seiten.html)

abrasat 18.04.2014 10:22
[Win7] Sporadische Firefox Redirects zu fake "Java Update" Seiten
 
Hallo,
beim Internet surfen bekomme ich manchmal eine Meldung die die Ausführung eines (angeblichen) verlangt.

Hier sind die Logdateien:

Defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:43 on 18/04/2014 (*)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by * (administrator) on *-PC_UP on 18-04-2014 10:45:42
Running from C:\Users\*\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
( ) C:\Windows\system32\dlbkcoms.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
() C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Spotify Ltd) C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Electronic Arts) C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [Spotify Web Helper] => C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [Google Update] => C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-20] (Google Inc.)
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCF4225269505CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://isearch.avg.com/search?cid={0D0B6560-69DD-480F-BC5F-4EBA80AC124C}&mid=b4660589199c47d0b657d14a8f59670c-04209e2659e3b8093d900fe95518aed052886016&lang=de&ds=mt011&pr=sa&d=2012-11-05 21:14:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.101
Tcpip\..\Interfaces\{8E0AA6F2-E3AF-4CE2-B748-FA8232A3B2BC}: [NameServer]192.168.1.101
Tcpip\..\Interfaces\{EF915E66-1EDD-4E49-BC96-00409DE18851}: [NameServer]192.168.1.101

FireFox:
========
FF ProfilePath: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default
FF user.js: detected! => C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\user.js
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF NetworkProxy: "backup.ftp", "192.168.1.101"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "192.168.1.101"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "192.168.1.101"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "192.168.1.101"
FF NetworkProxy: "http", "192.168.1.101"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.1.101"
FF NetworkProxy: "ssl", "192.168.1.101"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\artur.dubovoy@gmail.com [2014-03-14]
FF Extension: StumbleUpon - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\toolbar@stumbleupon.com [2013-07-16]
FF Extension: EPUBReader - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-04-09]
FF Extension: DownloadHelper - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Facemoods - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\ffxtlbr@Facemoods.com.xpi [2011-08-17]
FF Extension: Firebug - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-30]
FF Extension: YouTube mp3 - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\info@youtube-mp3.org.xpi [2012-11-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-10]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google-Suche) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (IDM Integration) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-03-16]
CHR Extension: (Norton Identity Protection) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-01-01]
CHR Extension: (Google Wallet) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (StumbleUpon) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg [2013-07-16]
CHR Extension: (Google Mail) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-04]
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\*\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 CDMA Device Service; C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [90432 2011-01-28] ()
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
R2 GKCDTDNS; C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe [213504 2002-11-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [144672 2010-06-15] (Nuance Communications, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 StumbleUponUpdater; C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140417.025\ENG64.SYS [126040 2013-11-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140417.025\EX64.SYS [2099288 2013-11-30] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2011-07-20] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 10:45 - 2014-04-18 10:45 - 00022759 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-18 10:45 - 2014-04-18 10:45 - 00000000 ____D () C:\FRST
2014-04-18 10:43 - 2014-04-18 10:43 - 00000504 _____ () C:\Users\*\Desktop\defogger_disable.log
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 02158592 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 10:00 - 2014-04-18 10:00 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-18 09:42 - 2014-04-18 09:42 - 01426178 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-18 09:37 - 2014-04-18 10:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 09:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-13 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-13 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-13 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-13 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-13 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:14 - 2014-04-12 15:30 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-12 15:14 - 2014-04-12 15:30 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-12 15:14 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 01:16 - 2014-04-09 01:21 - 00000000 ____D () C:\Users\*\.cr3
2014-04-08 22:26 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 22:26 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 22:26 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 22:26 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 22:26 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 22:26 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 22:26 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 22:26 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 22:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:51 - 2014-04-08 20:51 - 00000000 ____D () C:\Users\*\AppData\Local\SearchProtect
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 20:57 - 2014-04-07 21:00 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

==================== One Month Modified Files and Folders =======

2014-04-18 10:45 - 2014-04-18 10:45 - 00022759 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-18 10:45 - 2014-04-18 10:45 - 00000000 ____D () C:\FRST
2014-04-18 10:43 - 2014-04-18 10:43 - 00000504 _____ () C:\Users\*\Desktop\defogger_disable.log
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:43 - 2011-04-09 14:57 - 00000000 ____D () C:\Users\*
2014-04-18 10:39 - 2011-12-20 01:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA.job
2014-04-18 10:33 - 2011-04-09 14:35 - 01871705 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 10:24 - 2012-08-20 15:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 10:15 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 10:15 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 10:08 - 2014-04-18 09:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 10:08 - 2011-09-03 17:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 10:07 - 2013-06-09 10:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-04-18 10:07 - 2013-06-04 20:00 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-04-18 10:07 - 2012-10-27 10:04 - 00041506 _____ () C:\Windows\setupact.log
2014-04-18 10:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 10:06 - 2012-10-27 10:04 - 00392376 _____ () C:\Windows\PFRO.log
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 02158592 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 10:00 - 2014-04-18 10:00 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-18 10:00 - 2011-09-03 17:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 09:42 - 2014-04-18 09:42 - 01426178 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2012-10-16 00:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\Users\*\AppData\Roaming\Malwarebytes
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 01:18 - 2011-05-02 15:52 - 00000000 ____D () C:\Users\*\AppData\Roaming\FileZilla
2014-04-16 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-15 23:20 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Skype
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 14:45 - 2011-04-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-13 11:39 - 2011-12-20 01:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core.job
2014-04-13 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 15:30 - 2014-04-12 15:14 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-12 15:30 - 2014-04-12 15:14 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:24 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 15:08 - 2009-07-14 19:58 - 00768508 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 15:08 - 2009-07-14 19:58 - 00175238 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 15:08 - 2009-07-14 07:13 - 01813582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-12 09:31 - 2011-05-07 00:18 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 10:27 - 2012-08-18 07:30 - 00000000 ____D () C:\Users\*\AppData\Roaming\Spotify
2014-04-11 09:28 - 2012-01-21 16:54 - 00000000 _____ () C:\sparkraw.log
2014-04-11 09:16 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-10 14:43 - 2011-09-12 16:03 - 00007384 _____ () C:\Users\*\Desktop\SharePodSettings.xml
2014-04-10 14:38 - 2011-09-12 16:03 - 00000773 _____ () C:\Users\*\Desktop\SharePod.log
2014-04-10 14:00 - 2012-08-18 07:31 - 00000000 ____D () C:\Users\*\AppData\Local\Spotify
2014-04-10 08:43 - 2011-12-20 01:07 - 00002363 _____ () C:\Users\*\Desktop\Google Chrome.lnk
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 03:10 - 2011-04-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:07 - 2013-08-14 23:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:05 - 2011-07-12 16:26 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 01:21 - 2014-04-09 01:16 - 00000000 ____D () C:\Users\*\.cr3
2014-04-09 01:20 - 2011-04-16 10:42 - 00000000 ____D () C:\Users\*\AppData\Local\CrashDumps
2014-04-08 20:51 - 2014-04-08 20:51 - 00000000 ____D () C:\Users\*\AppData\Local\SearchProtect
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 21:00 - 2014-04-07 20:57 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-04-03 09:51 - 2014-04-18 09:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 09:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-10-16 00:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 21:06 - 2014-01-02 19:30 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:15 - 2011-04-15 23:31 - 00000000 ____D () C:\Users\*\Desktop\Zvezdan
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-30 11:34 - 2011-12-20 01:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA
2014-03-30 11:34 - 2011-12-20 01:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core
2014-03-30 10:49 - 2013-12-12 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 10:49 - 2012-04-25 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-27 23:55 - 2011-09-03 17:53 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 23:55 - 2011-09-03 17:53 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

Some content of TEMP:
====================
C:\Users\*\AppData\Local\Temp\67375uninstall.exe
C:\Users\*\AppData\Local\Temp\avguidx.dll
C:\Users\*\AppData\Local\Temp\bassmod.dll
C:\Users\*\AppData\Local\Temp\burnsetup.exe
C:\Users\*\AppData\Local\Temp\EAD12A5.exe
C:\Users\*\AppData\Local\Temp\EAD141C.exe
C:\Users\*\AppData\Local\Temp\EAD194A.exe
C:\Users\*\AppData\Local\Temp\EAD1E97.exe
C:\Users\*\AppData\Local\Temp\EAD2E02.exe
C:\Users\*\AppData\Local\Temp\EAD3706.exe
C:\Users\*\AppData\Local\Temp\EAD3CD0.exe
C:\Users\*\AppData\Local\Temp\EAD4A19.exe
C:\Users\*\AppData\Local\Temp\EAD4C0C.exe
C:\Users\*\AppData\Local\Temp\EAD60C2.exe
C:\Users\*\AppData\Local\Temp\EAD6E2.exe
C:\Users\*\AppData\Local\Temp\EAD6EA9.exe
C:\Users\*\AppData\Local\Temp\EAD7647.exe
C:\Users\*\AppData\Local\Temp\EAD76D4.exe
C:\Users\*\AppData\Local\Temp\EAD8065.exe
C:\Users\*\AppData\Local\Temp\EAD865E.exe
C:\Users\*\AppData\Local\Temp\EAD8861.exe
C:\Users\*\AppData\Local\Temp\EAD933.exe
C:\Users\*\AppData\Local\Temp\EADB24D.exe
C:\Users\*\AppData\Local\Temp\EADBD84.exe
C:\Users\*\AppData\Local\Temp\EADBE9D.exe
C:\Users\*\AppData\Local\Temp\EADCA01.exe
C:\Users\*\AppData\Local\Temp\EADD509.exe
C:\Users\*\AppData\Local\Temp\EADD641.exe
C:\Users\*\AppData\Local\Temp\EADE8A9.exe
C:\Users\*\AppData\Local\Temp\EADEF7C.exe
C:\Users\*\AppData\Local\Temp\EADF3A1.exe
C:\Users\*\AppData\Local\Temp\EADF575.exe
C:\Users\*\AppData\Local\Temp\EADF8FE.exe
C:\Users\*\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\*\AppData\Local\Temp\NISDownloader.exe
C:\Users\*\AppData\Local\Temp\oi_{F6BFDDC1-1839-4187-9428-FE8D837F3BD2}.exe
C:\Users\*\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\*\AppData\Local\Temp\Sqlite3.dll
C:\Users\*\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 16:28

==================== End Of Log ============================
--- --- ---


FRST addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by * at 2014-04-18 10:46:05
Running from C:\Users\*\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A New Beginning (HKLM-x32\...\{4D40F840-30CA-4747-B988-E86C4C5F3B12}) (Version: 0238 - Deep Silver)
Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aiseesoft AVCHD Video Converter 6.3.36 (HKLM-x32\...\{160B528D-725A-45d3-B98B-53ADA7E118AF}_is1) (Version: 6.3.36 - Aiseesoft Studio)
Alcatel Android Manager (HKLM-x32\...\{8F30E386-149E-0200-0000-000000000000}) (Version: 12.09.2563 - Mobile Action)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0308.2325.42017 - Ihr Firmenname) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Angry Birds Rio (HKLM-x32\...\{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}) (Version: 1.4.2 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{9240D97C-D575-465E-A681-21C0979EE5DF}) (Version: 2.2.0 - Rovio)
Any DVD Cloner Platinum 1.1.7 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.1.8.0 - ASUS)
At the Cutting Edge (HKLM-x32\...\At the Cutting Edge_is1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{47B188E2-2447-5C40-15B6-9D49DC90BF5B}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{A142A311-5A9F-4C40-996D-6201FFE932A2}) (Version: 10.1.509.900 - Audials AG)
AVI/MPEG/RM/WMV Splitter 4.28 (HKLM-x32\...\AVI MPEG RM WMV Splitter_is1) (Version:  - boilsoft, Inc.)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version:  - )
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Beyond Compare Version 3.3.5 (HKLM-x32\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Broken Age (HKLM-x32\...\QnJva2VuQWdl_is1) (Version: 1 - )
Bytescout PPT To Video Scout (HKLM-x32\...\Bytescout PPT To Video Scout_is1) (Version: 1.50 - ByteScout)
calibre 64bit (HKLM\...\{2C5BEB65-2CCC-4A28-99EA-12667FD185BA}) (Version: 1.32.0 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0308.2325.42017 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0308.2325.42017 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0308.2325.42017 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2011.0308.2324.42017 - ATI) Hidden
CCcaminfo V.1.2 (HKLM-x32\...\CCcaminfo V.1.2) (Version:  - )
ccc-utility64 (Version: 2011.0308.2325.42017 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CS Studio (HKLM-x32\...\CS Studio) (Version: 4.2.3 - Soft-Dream)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell 1355cn/1355cnw Color MFP (HKLM-x32\...\InstallShield_{B03E4421-002D-46E0-80DE-89E7D0877AC4}) (Version: 1.021.0 - Dell Inc.)
Dell 1355cn/1355cnw Color MFP (x32 Version: 1.021.0 - Dell Inc.) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DreamBoxEdit -- The one and only settings editor for your Dreambox (HKLM-x32\...\DreamBoxEdit) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab (remove only) (HKLM-x32\...\DVDFab) (Version:  - )
Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
E.M. PowerPoint Video Converter 3.20 (HKLM-x32\...\E.M. PowerPoint Video Converter_is1) (Version:  - EffectMatrix, Inc.)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Easy Video Splitter 1.28 (HKLM-x32\...\Easy Video Splitter_is1) (Version:  - DoEasier Tech Inc)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
FastStone Image Viewer 4.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.5 - FastStone Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
Free MTS Converter 1.0.8 (HKLM-x32\...\{AE1049D2-8255-4ffd-9857-96609689A253}_is1) (Version: 1.0.8 - topsevenreviews)
Free YouTube to MP3 Converter version 3.10.8.815 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Geheimakte 3 (HKLM-x32\...\{765BF404-2FEE-492B-9E7F-A55143796EF1}) (Version: 1.00 - Deep Silver)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.60.0 - International GeoGebra Institute)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GKC Dynamic DNS Updater v2.0 (HKLM-x32\...\GKC Dynamic DNS Updater v2.0) (Version: 1.0 - GK Consulting Ltd)
Google Books Downloader version 2.3 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Gray Matter (HKLM-x32\...\Gray Matter_is1) (Version:  - dtp)
Harry Potter und der Gefangene von Askaban(TM) (HKLM-x32\...\{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}) (Version:  - )
Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2565057) (HKLM-x32\...\{CAD6AA29-9CA1-384D-8034-566261CFCC9B}.KB2565057) (Version: 1 - Microsoft Corporation)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IsoBuster 1.9 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9 - Smart Projects)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) SE Development Kit 6 Update 20 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MapInfo Professional 12.0 (HKLM-x32\...\{F330A1C2-F497-409A-9AE8-A7A001024D2B}) (Version: 12.0.2 - Pitney Bowes Software)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Professional - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.31007 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version:  - mobifilereader.com)
Modiac Video Converter (HKLM-x32\...\Modiac Video Converter) (Version: 2.5.0.4100 - Modiac Inc.)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 7.2.7.0 (HKLM-x32\...\Nero7Lite_is1) (Version:  - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
Nuance PaperPort 12 (HKLM-x32\...\{332AC836-8F44-4943-95D8-EC9BB6590E89}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{EC00862A-C16F-4ED0-BC06-34538512E730}) (Version: 5.30.3296 - Nuance Communications, Inc)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
Presentation To Video Converter (HKLM-x32\...\Presentation To Video Converter_is1) (Version:  - GeoVid)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Quick AVI Splitter v2.0 (HKLM-x32\...\Quick AVI Splitter v2.0_is1) (Version: 2.0 - Goldzsoft Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.3.9001 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SIM Manager (HKLM-x32\...\{A5E4575E-1213-42F5-A91E-7953D4B6B716}) (Version: 3.2.0 - Dekart)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SlickEdit 10.0.1 (HKLM-x32\...\SlickEdit 10.0.1) (Version:  - )
SMAC 2.0 (HKLM-x32\...\SMAC 2.0) (Version:  - )
SolveigMM Video Splitter (HKLM-x32\...\SolveigMM Video Splitter 3.0.1201.19) (Version: 3.0.1201.19 - Solveig Multimedia)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
Speed Video Splitter 4.3.42 (HKLM-x32\...\Speed Video Splitter_is1) (Version:  - Flyers software, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Streaming Video Recorder V4.5.1 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.5.1 - Apowersoft)
Subtitle Edit v3.1 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.1 - Nikse)
SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings)
Time Adjuster STANDARD 3.1 (HKCU\...\TimeAdjuster) (Version:  - IrekSoftware.com)
TimeSubSetup (HKLM-x32\...\{D34E5554-E453-4B4C-BAF9-E7E4662DFD21}) (Version: 1.0.0 - Vasco D.C. Softwares)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Ultra Video Joiner 6.2.0411 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)
Ultra Video Splitter 6.2.0411 (HKLM-x32\...\Ultra Video Splitter_is1) (Version:  - Aone Software)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION
Video Download Capture V4.8.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.0 - Apowersoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VidSplitter (HKLM-x32\...\VidSplitter_is1) (Version:  - GeoVid)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WBFS Manager 2.5 (HKLM\...\{9DADBA45-2B06-4F7F-970B-E854ABC8917A}) (Version: 2.5 - WBFS)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Windows Driver Package - Dekart (DEKART38) SmartCardReader  (08/08/2011 1.1.6.1) (HKLM\...\8D434570B215F4E7650A004193A770DC9BD6DB58) (Version: 08/08/2011 1.1.6.1 - Dekart)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinX Video Converter 4.5.18 (HKLM-x32\...\WinX Video Converter_is1) (Version:  - Digiarty Software,Inc.)
WM Recorder 14 (HKLM-x32\...\WM Recorder 14) (Version:  - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wondershare MobileGo for Android ( Version 3.0.3 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 3.0.3 - Wondershare)
XAMPP 1.7.4 (HKLM-x32\...\xampp) (Version:  - )
Xilisoft PowerPoint to Video Converter Business (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Business) (Version: 1.0.4.0419 - Xilisoft)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.5.2.0216 - Xilisoft)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{14F84065-1316-42C6-B619-1FE1880050E0}) (Version: 1.2.0000 - Xirrus)
XMedia Recode Version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)

==================== Restore Points  =========================

13-04-2014 01:00:16 Windows Update
13-04-2014 12:44:36 Installed Java 7 Update 51
13-04-2014 23:29:08 Windows Update
14-04-2014 21:06:37 Windows Update
15-04-2014 21:26:40 Windows Update
16-04-2014 16:22:57 Windows Update
16-04-2014 16:34:05 Windows Update
16-04-2014 23:18:57 Windows Update
17-04-2014 17:15:44 Windows Update
18-04-2014 01:00:13 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-15 10:35 - 00600233 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  localhost
127.0.0.1 registeraudials.com
127.0.0.1 registeraudials.com
127.0.0.1 audials.com
127.0.0.1 188.40.53.196
127.0.0.1 lists.rs-audials.com
127.0.0.1 securestore.audials.com
127.0.0.1 secure.element5.com
127.0.0.1 shop.audials.com
127.0.0.1 userstats.audials.com
127.0.0.1 applian.securesites.com
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {063D6E48-D959-4B9D-9C3D-82BB698258E5} - System32\Tasks\{014627F1-1F64-4B73-B9BF-E0BAA9B560CE} => Chrome.exe
Task: {076D4DC0-50ED-468E-A60B-96C646F9768B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03] (Google Inc.)
Task: {0E83B55E-0B54-4175-B33A-D9544317BE9B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {3699AD73-1CAB-4E23-A26A-479EACA78231} - System32\Tasks\{A420106B-43D7-4579-B0E0-D7A29DE1B95E} => Chrome.exe
Task: {3D58FF30-1F1C-4867-86C5-359F9A15224E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03] (Google Inc.)
Task: {678D5026-B2D3-415C-9C86-99F53F9E703C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{E6D222B5-3884-48EE-9F41-EC697DE33BD7}.exe
Task: {877416DD-09F0-417E-9AE6-9CF724BFB920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA => C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20] (Google Inc.)
Task: {8F764516-AAEB-4F83-B06A-442208AA516D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {A35063D7-0C7B-4CDE-B585-02B666B61CBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core => C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20] (Google Inc.)
Task: {A4DE8035-7F41-441B-8294-8A47886D155C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A5CECA0B-5BC3-4C99-A02D-B9954E9F1BE0}.exe
Task: {D066F238-B2A4-4E01-AE42-95ECAD19C03B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {DB308D05-F91A-4D71-8F16-5115E3BB2D8B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E112FEE2-527F-4808-A1F2-495086D63E19} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {E6AB5065-EEAE-41F7-9898-6F46F67E68D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {EE89C0FD-0398-4966-9D57-D63FE06B36EC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{E6D222B5-3884-48EE-9F41-EC697DE33BD7}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A5CECA0B-5BC3-4C99-A02D-B9954E9F1BE0}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core.job => C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA.job => C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-18 12:11 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2012-02-18 12:11 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2011-09-19 16:30 - 2007-02-28 08:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2012-02-24 19:07 - 2011-08-02 12:47 - 00159232 _____ () C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
2011-01-28 11:32 - 2011-01-28 11:32 - 00090432 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
2010-12-14 17:46 - 2010-12-14 17:46 - 00266752 _____ () C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Ausb.dll
2012-04-08 20:17 - 2002-11-19 11:28 - 00213504 _____ () C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-11-22 10:59 - 2011-11-22 10:59 - 00018432 _____ () C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
2011-03-09 01:06 - 2011-03-09 01:06 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-09 01:06 - 2011-03-09 01:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-06-09 03:46 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-12-12 09:47 - 2014-03-29 11:45 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk => C:\Windows\pss\MobileGo Service.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: daueujfffgoclmh => C:\ProgramData\daueujff.exe
MSCONFIG\startupreg: Dell 1355 MFP Launcher => "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
MSCONFIG\startupreg: Dell 1355 MFP RUN => "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\*\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe
MSCONFIG\startupreg: RUNUPDATER => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\*\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: StatusAutoRun => "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 03:02:53 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/17/2014 07:19:22 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/17/2014 01:20:46 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/16/2014 06:36:26 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/16/2014 06:25:30 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/15/2014 11:30:17 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/14/2014 11:08:50 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/14/2014 01:31:05 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/13/2014 09:21:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3
Name des fehlerhaften Moduls: ccScanw.dll, Version: 12.3.3.2, Zeitstempel: 0x519abdae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0010cc20
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3

Error: (04/13/2014 08:14:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3
Name des fehlerhaften Moduls: ccScanw.dll, Version: 12.3.3.2, Zeitstempel: 0x519abdae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0010cc20
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3


System errors:
=============
Error: (04/18/2014 10:08:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (04/18/2014 10:08:28 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd

Error: (04/18/2014 10:06:26 AM) (Source: sptd) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (04/18/2014 03:03:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 Web Platform Tools (KB2548139)

Error: (04/18/2014 03:03:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 Report Viewer (KB2549864)

Error: (04/18/2014 03:03:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 (KB2890573)

Error: (04/18/2014 03:01:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 TFS Build Explorer (KB2522890)

Error: (04/18/2014 03:01:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 (KB2635973)

Error: (04/18/2014 03:00:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual Studio 2010 Service Pack 1 (KB2529927)

Error: (04/18/2014 03:00:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual Studio 2010 Service Pack 1 (KB2645410)


Microsoft Office Sessions:
=========================
Error: (01/26/2013 09:59:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-10-25 18:51:01.540
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-25 18:51:01.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-16 02:42:24.114
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:23.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:23.738
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:19.334
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:19.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:18.967
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:17.112
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-16 02:42:16.925
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8191.18 MB
Available physical RAM: 6050.12 MB
Total Pagefile: 16380.53 MB
Available Pagefile: 13985.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:175.78 GB) (Free:33.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:468.75 GB) (Free:10.12 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:55.9 GB) NTFS
Drive f: () (Fixed) (Total:50.78 GB) (Free:30.26 GB) NTFS
Drive g: () (Fixed) (Total:239.2 GB) (Free:234.92 GB) NTFS
Drive h: () (Fixed) (Total:462.76 GB) (Free:320.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000B3D24)
Partition 1: (Active) - (Size=176 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=239 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 0485F90B)
Partition 1: (Not Active) - (Size=469 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 8FCC3AEC)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-18 11:08:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5001AALS-00L3B2 rev.01.03B01 465,76GB
Running: wu42zs2f.exe; Driver: C:\Users\*\AppData\Local\Temp\pgloaaow.sys


---- User code sections - GMER 2.1 ----

.text    C:\PROGRA~2\GKC\GKCDTDNS\GKCDTDNSNT.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000075641465 2 bytes [64, 75]
.text    C:\PROGRA~2\GKC\GKCDTDNS\GKCDTDNSNT.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          00000000756414bb 2 bytes [64, 75]
.text    ...                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Electronic Arts\EADM\Core.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                              0000000075641465 2 bytes [64, 75]
.text    C:\Program Files (x86)\Electronic Arts\EADM\Core.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            00000000756414bb 2 bytes [64, 75]
.text    ...                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075641465 2 bytes [64, 75]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000756414bb 2 bytes [64, 75]
.text    ...                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075641465 2 bytes [64, 75]
.text    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000756414bb 2 bytes [64, 75]
.text    ...                                                                                                                                                                                            * 2
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                      000000007791fcb0 5 bytes JMP 000000010032091c
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                    000000007791fe14 5 bytes JMP 0000000100320048
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                                            000000007791fea8 5 bytes JMP 00000001003202ee
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                          0000000077920004 5 bytes JMP 00000001003204b2
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                  0000000077920038 5 bytes JMP 00000001003209fe
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                                          0000000077920068 5 bytes JMP 0000000100320ae0
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                                      0000000077920084 5 bytes JMP 0000000100020050
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                          000000007792079c 5 bytes JMP 000000010032012a
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                                              000000007792088c 5 bytes JMP 0000000100320758
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                        00000000779208a4 5 bytes JMP 0000000100320676
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                            0000000077920df4 5 bytes JMP 00000001003203d0
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                      0000000077921920 5 bytes JMP 0000000100320594
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                  0000000077921be4 5 bytes JMP 000000010032083a
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                        0000000077921d70 5 bytes JMP 000000010032020c
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                                                        000000007562524f 7 bytes JMP 0000000100320f52
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                                            00000000756253d0 7 bytes JMP 0000000100330210
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                                          0000000075625677 1 byte JMP 0000000100330048
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                                          0000000075625679 5 bytes {JMP 0xffffffff8ad0a9d1}
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                                                  000000007562589a 7 bytes JMP 0000000100320ca6
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                                                  0000000075625a1d 7 bytes JMP 00000001003303d8
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                                            0000000075625c9b 7 bytes JMP 000000010033012c
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                                              0000000075625d87 7 bytes JMP 00000001003302f4
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                                              0000000075627240 7 bytes JMP 0000000100320e6e
.text    C:\Users\*\Desktop\wu42zs2f.exe[3468] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                                            0000000075751492 7 bytes JMP 00000001003304bc
---- Processes - GMER 2.1 ----

Process  C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (*** suspicious ***) @ C:\Users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2184](2011-11-22 08:59:30)  0000000001050000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9bd8eff                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9bd8eff@cc051b99eefc                                                                                                        0xCD 0xC5 0x30 0x27 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9bd8eff@0026ccf43f13                                                                                                        0x01 0x4C 0xEF 0x8B ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9bd8eff@a826d94bdf2a                                                                                                        0x68 0x78 0x3E 0x8F ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9bd8eff@4c0b3a1b5bd7                                                                                                        0x4B 0xE8 0x33 0x0E ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9bd8eff (not active ControlSet)                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9bd8eff@cc051b99eefc                                                                                                            0xCD 0xC5 0x30 0x27 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9bd8eff@0026ccf43f13                                                                                                            0x01 0x4C 0xEF 0x8B ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9bd8eff@a826d94bdf2a                                                                                                            0x68 0x78 0x3E 0x8F ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9bd8eff@4c0b3a1b5bd7                                                                                                            0x4B 0xE8 0x33 0x0E ...

---- EOF - GMER 2.1 ----

Danke im Voraus für Eure Hilfe.

abrasat 18.04.2014 10:23
Und noch eine MBAM Logdatei:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.04.2014
Suchlauf-Zeit: 10:01:59
Logdatei: log_18_04_14.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.18.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293799
Verstrichene Zeit: 22 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [df2112ee8779c13fdbf7a275cd356f91],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [df2112ee8779c13fdbf7a275cd356f91],
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, , [51af38c8bb4524dcd5f18af544be59a7],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [2ed2fd03d52bed13b8e8592721e15ba5],

Registrierungswerte: 2
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [df2112ee8779c13fdbf7a275cd356f91]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [17e954ac9d6360a06d6542d58b779868],

Registrierungsdaten: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=),,[1de3629e77898e72e04c988f8a7a659b]

Ordner: 0
(No malicious items detected)

Dateien: 39
PUP.Optional.Conduit.A, C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M58DACA1F-A36F-4F42-B361-B3D91F592EEB&SearchSource=55&CUI=&UM=5&UP=SP8C454C9B-835E-4AA4-9145-0315B5AEA3E0&SSPV=" ],), ,[b64aa759b64ad9276c11044fb45017e9]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "irmsd0101");), ,[35cb0ff15da34bb5ccf4282a986cde22]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), ,[ad53867aa35d649c942cff5319ebea16]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");), ,[3ac63dc3b44caa563b85341e59abc63a]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "569416829");), ,[15ebdb2529d7d42c714f5df5030117e9]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), ,[d12f8a76e818f01007b98bc757adcd33]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), ,[7b8557a953adcd339b25da784aba857b]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), ,[b94734cc0ff17f81932d3a1806fe8b75]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), ,[9d63dc24f30d7987239d4d05f90bfb05]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), ,[bd4345bb3bc5936d3c84e2703ec6966a]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), ,[0df3669a0df304fccff13919e51fdd23]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "BC05430C81AF13B2");), ,[f60aa759f709c23e4e72500233d1758b]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16072");), ,[2cd4bb458f71df216a5684ced23251af]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "");), ,[3cc46f917f81d22e239daca6df257b85]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), ,[7c8430d007f9768a8a362929c143669a]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastVrsnTs", "");), ,[08f8e61a46ba40c0d8e8cd8530d46799]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), ,[5fa197695ba54ab6239d7fd34bb99868]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), ,[7b8503fdc33d16eaa61a66ecde2646ba]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), ,[758b29d7d927e41c16aa96bca75d768a]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), ,[e21eef11847c1be5932d124004003ac6]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), ,[1ce437c93fc1c33d3a86044e06fe41bf]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=&q=");), ,[3cc4758b3cc4ee12566af45ec53f14ec]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), ,[7b85847cb9479868586860f21aeacb35]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), ,[718f04fca15f1ce46a5690c2bf45d62a]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.hmpg", true);), ,[b64a4cb4e0205ea2f3cd88ca9c684cb4]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), ,[35cb39c72dd340c0d7e94a0837cd0bf5]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), ,[d22e649c6b959070efd1074b8b79fc04]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:29:9");), ,[0cf4be42669a7d83b10ff75b0ef6768a]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods._xpiupdate", true);), ,[8977857bf40c946c15ba0a486f956d93]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.aflt", "_#wbst");), ,[619ff50b5ca4857b6768da78e3219070]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");), ,[9a669e627d834eb24f80e76b4aba38c8]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.firstRun", false);), ,[45bb6f91f9079c64e8e7aca6b0544cb4]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.first_time", false);), ,[aa5644bcf60ae51bcb044e049b69b947]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.id", "_#e368de382e0f48a787a378e2410c6b11");), ,[3ac607f9fd03817f676878dacb393bc5]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.instlDay", "_#15633");), ,[639dc8380000ff01af202c26c83c40c0]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");), ,[58a81ae615eb01ff418eaba7996b867a]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.sid", "_#e368de382e0f48a787a378e2410c6b11");), ,[26da867a18e8936d11be4f031ee6ea16]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.update", "_#v1.4.0");), ,[e31d57a9b44cf30d517ebd95000459a7]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");), ,[6f917f81df2160a0c60993bfe71d9868]

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber 18.04.2014 14:23
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

abrasat 18.04.2014 18:29
Hi,
danke für die Hilfe !

ComboFix.Txt

Code:
ComboFix 14-04-17.01 - * 18.04.2014  19:16:14.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8191.5870 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Drag0313201356.mobilego
d:\favoritevideo\InvisibleFolder
F:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-18 bis 2014-04-18  ))))))))))))))))))))))))))))))
.
.
2014-04-18 08:45 . 2014-04-18 08:46        --------        d-----w-        C:\FRST
2014-04-18 07:37 . 2014-04-18 08:08        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 07:36 . 2014-04-18 07:36        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-18 07:36 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-18 07:36 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-13 13:03 . 2014-04-13 13:03        --------        d-----w-        c:\programdata\Oracle
2014-04-13 12:46 . 2014-04-13 12:46        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-04-13 12:45 . 2014-04-13 12:45        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 01:00 . 2014-03-06 08:11        5784064        ----a-w-        c:\windows\system32\jscript9.dll
2014-04-13 01:00 . 2014-03-06 07:46        4254720        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-04-12 13:24 . 2014-04-12 13:24        --------        d-----w-        c:\users\*\AppData\Local\calibre-cache
2014-04-12 13:14 . 2014-04-12 13:24        --------        d-----w-        c:\users\*\AppData\Roaming\calibre
2014-04-12 13:14 . 2014-04-12 13:30        --------        d-----w-        c:\program files\Calibre2
2014-04-09 17:55 . 2014-04-09 17:55        --------        d-----w-        c:\users\*\AppData\Local\Amazon
2014-04-09 17:36 . 2014-04-09 17:36        --------        d-----w-        c:\program files (x86)\Mobi File Reader
2014-04-08 23:16 . 2014-04-18 17:08        --------        d-----w-        c:\users\*\.cr3
2014-04-08 18:51 . 2014-04-08 18:51        --------        d-----w-        c:\users\*\AppData\Local\SearchProtect
2014-04-08 18:50 . 2014-04-08 18:50        --------        d-----w-        c:\program files (x86)\Google Books Downloader
2014-03-30 13:19 . 2014-03-30 13:19        --------        d-----w-        c:\users\*\AppData\Roaming\AnvSoft
2014-03-30 13:19 . 2014-03-30 13:19        --------        d-----w-        c:\program files (x86)\AnvSoft
2014-03-30 12:05 . 2014-03-30 12:05        --------        d-----w-        c:\users\*\AppData\Local\4Videosoft Studio
2014-03-30 12:05 . 2014-03-30 12:05        --------        d-----w-        c:\programdata\topsevenreviews
2014-03-30 12:05 . 2014-03-30 12:05        --------        d-----w-        c:\program files (x86)\topsevenreviews
2014-03-23 18:49 . 2014-03-23 18:49        --------        d-----w-        c:\programdata\Aiseesoft Studio
2014-03-23 18:49 . 2014-03-23 18:49        --------        d-----w-        c:\program files (x86)\Aiseesoft Studio
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 01:05 . 2011-07-12 14:26        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-04-03 07:50 . 2012-10-15 22:05        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-03-12 18:24 . 2012-05-13 20:12        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 18:24 . 2012-01-06 09:33        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-08 20:26        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-14 16:25        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 16:24        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 16:24        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 16:24        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 16:24        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-14 16:25        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-14 16:25        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-14 16:25        228864        ----a-w-        c:\windows\system32\wwansvc.dll
2014-01-26 02:57 . 2014-01-26 02:57        389120        ----a-w-        c:\windows\SysWow64\RegistryHelperLM.ocx
2014-01-22 07:52 . 2014-01-22 07:52        206080        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52        108800        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59        269824        ----a-w-        c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-10 1171000]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GKCDTDNS;GKC Dynamic DNS Updater;c:\progra~2\GKC\GKCDTDNS\GKCDTDNSNT.exe;c:\progra~2\GKC\GKCDTDNS\GKCDTDNSNT.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe;c:\users\*\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140417.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140417.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 CDMA Device Service;CDMA Device Service;c:\program files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe;c:\program files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [x]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe;c:\windows\SYSNATIVE\dlbkcoms.exe [x]
S2 DLNADB;Dell 1355cn Status Database;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [x]
S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PGLOAAOW
*Deregistered* - pgloaaow
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 18:24]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 15:53]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 15:53]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:06]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 23:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07        23496        ----a-w-        c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit PDF Viewer Plus öffnen - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.101
TCP: Interfaces\{8E0AA6F2-E3AF-4CE2-B748-FA8232A3B2BC}: NameServer = 192.168.1.101
TCP: Interfaces\{EF915E66-1EDD-4E49-BC96-00409DE18851}: NameServer = 192.168.1.101
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: network.proxy.ftp - 192.168.1.101
FF - prefs.js: network.proxy.http - 192.168.1.101
FF - prefs.js: network.proxy.socks - 192.168.1.101
FF - prefs.js: network.proxy.ssl - 192.168.1.101
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.autoDisableScopes - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-IDMan - c:\program files (x86)\Internet Download Manager\IDMan.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-SMAC 2.0 - n:\klc\SMAC\UNWISE.EXE
AddRemove-WinX Video Converter_is1 - f:\tamina\videomaker\WinX_Video_Converter\unins000.exe
AddRemove-{DDA3C325-47B2-4730-9672-BF3771C08799}_is1 - f:\tamina\videomaker\XMedia Recode\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2382729799-1600841459-1991903984-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2382729799-1600841459-1991903984-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-18  19:25:25
ComboFix-quarantined-files.txt  2014-04-18 17:25
.
Vor Suchlauf: 21 Verzeichnis(se), 35.458.277.376 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 38.627.778.560 Bytes frei
.
- - End Of File - - 27D93F75BE6E59AA2006FE2EEAC8D2E9
A36C5E4F47E84449FF07ED3517B43A31

schrauber 19.04.2014 12:09
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

abrasat 19.04.2014 15:58
Danke für die Hilfe, hier sind die Dateien.

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.04.2014
Suchlauf-Zeit: 16:27:20
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.19.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285328
Verstrichene Zeit: 27 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 38
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.aflt", "irmsd0101");), Ersetzt,[1ee20ef2f10ff30d3ba17ad98b796799]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Ersetzt,[1fe1c23eee1278889646de75679ddc24]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");), Ersetzt,[0df3cc34f010ab554e8e9db62ada1ee2]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.cr", "569416829");), Ersetzt,[f80803fdbc44f10f9c40ee6529db1de3]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltLng", "");), Ersetzt,[d927c739dc246c94508c470cd62e649c]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dfltSrch", true);), Ersetzt,[43bdee129c649d636f6db0a3a1638c74]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.dnsErr", true);), Ersetzt,[916fe9178779dd23e8f4e46ff50f2bd5]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.excTlbr", false);), Ersetzt,[39c7e0202fd1db25e9f3ada626dea858]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[50b047b9857be21ee7f5213253b1926e]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), Ersetzt,[c43c45bba35dec140dcf381b0ff5f30d]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.id", "BC05430C81AF13B2");), Ersetzt,[e21ece328080db254a9258fbed17d729]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlDay", "16072");), Ersetzt,[a858d22e7d83aa56568682d17c886a96]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.instlRef", "");), Ersetzt,[30d06997d42c966ab428fb5806fe07f9]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), Ersetzt,[ed13758bbd43c937ad2f2231b74d1be5]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.lastVrsnTs", "");), Ersetzt,[4bb54db347b945bb44982e25788c7090]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=");), Ersetzt,[31cfbb45956bc33de7f5f45f0afac838]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Ersetzt,[13ede51ba65a649c8c5081d24cb8e719]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Ersetzt,[857b669a19e71be518c45ff45ca8ab55]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[05fbb44ce11f52ae22ba193a47bd5aa6]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrId", "base");), Ersetzt,[629e28d81fe1fa067468d87bee165da3]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=569416829&ir=&q=");), Ersetzt,[19e71ce48878b34d7e5eec67887c7888]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), Ersetzt,[15eb53ad1de339c7c21acb8817ede51b]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), Ersetzt,[b64a9c64b9478e72914bf1626e965fa1]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.hmpg", true);), Ersetzt,[8878f10f639dff0120bc63f08d777090]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.newTab", false);), Ersetzt,[d62aaf51e8182bd506d687ccd92b28d8]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Ersetzt,[51af23dd738d25dbb329f261f21258a8]
PUP.Optional.MySearchDial.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:29:9");), Ersetzt,[9c6454acef116c948a5293c0b84c3bc5]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods._xpiupdate", true);), Ersetzt,[4cb4d9272cd434cc5497094a17ed9769]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.aflt", "_#wbst");), Ersetzt,[ac54857b77897c8428c35ef550b455ab]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");), Ersetzt,[bd431ee2649c4eb25794b69df31123dd]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.firstRun", false);), Ersetzt,[887897699868c33da8432c279a6adc24]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.first_time", false);), Ersetzt,[f40ca35dba46db253dae7fd438cc2cd4]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.id", "_#e368de382e0f48a787a378e2410c6b11");), Ersetzt,[48b8ca3625dbe719d615afa47f850ff1]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.instlDay", "_#15633");), Ersetzt,[05fb2cd4728eb54b1ad185ce0df7926e]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");), Ersetzt,[c53b09f7f50b05fb46a53f14cc386a96]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.sid", "_#e368de382e0f48a787a378e2410c6b11");), Ersetzt,[05fb0cf42ed2c53bf2f976dd54b0a35d]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.update", "_#v1.4.0");), Ersetzt,[db2545bbfb059769e90259fa0301b64a]
PUP.Optional.FaceMoods.A, C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");), Ersetzt,[a95721df09f723dd8c5fd47f48bc12ee]

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner.txt
Code:
# AdwCleaner v3.024 - Bericht erstellt am 19/04/2014 um 16:37:48
# Aktualisiert 18/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : * - *-PC
# Gestartet von : C:\Users\*\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : StumbleUponUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\*\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\*\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\*\AppData\LocalLow\StumbleUpon
Ordner Gelöscht : C:\Users\*\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\*\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Datei Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\ffxtlbr@Facemoods.com.xpi
Datei Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sopcast[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-machines-ii_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-machines-ii_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\StumbleUpon
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.facemoods._xpiupdate", true);
Zeile gelöscht : user_pref("extensions.facemoods.aflt", "_#wbst");
Zeile gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Zeile gelöscht : user_pref("extensions.facemoods.firstRun", false);
Zeile gelöscht : user_pref("extensions.facemoods.first_time", false);
Zeile gelöscht : user_pref("extensions.facemoods.id", "_#e368de382e0f48a787a378e2410c6b11");
Zeile gelöscht : user_pref("extensions.facemoods.instlDay", "_#15633");
Zeile gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Zeile gelöscht : user_pref("extensions.facemoods.sid", "_#e368de382e0f48a787a378e2410c6b11");
Zeile gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
Zeile gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Zeile gelöscht : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394139601936");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "569416829");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "BC05430C81AF13B2");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16072");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0B0CtDyDyEtAtD0CzztC0A0FtCtA0BtBtN0D0Tzu0SyBtAtAtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:29:9");

-\\ Google Chrome v

[ Datei : C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12358 octets] - [19/04/2014 16:36:55]
AdwCleaner[S0].txt - [11810 octets] - [19/04/2014 16:37:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11871 octets] ##########
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by * on 19.04.2014 at 16:40:58,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{0B2AFE40-2C3F-415A-9BA2-FA5CDA764AAC}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{0EADC2A9-CAFE-4226-BD1D-F0C69B6301AB}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{13156CE4-AE22-4E66-B011-E5C310A5C65B}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{14FC6A5D-CB10-4474-A62A-0C04598AB0C1}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{17262CB9-B4D6-4D4C-834A-45C6796D350A}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{294E4DA6-2C6B-4ECA-9A1C-2AAEBCAA6124}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{3108FEC6-39F5-4706-8319-83DE609B9F44}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{3515FC3B-0445-42D2-A333-8412DD9E127D}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{4000E484-C09C-4498-9AFF-1674890CBB62}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{40FC6BDF-B6B2-4F40-9458-9412C601DDB0}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{484A5A4D-4216-4BA8-8D03-26B1110210A5}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{59E930FF-3A62-4529-A809-CD9AAD761990}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{6FF79EC4-88B2-45D6-B74C-C8540AAB419C}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{847594C1-1E86-4E32-A057-F2331C2CDFE8}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{8CE1A577-EF00-4E29-909A-EADE04071F9E}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{9CD360F6-E513-415A-9743-6565B85283AC}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{9E0E9C04-16C1-41F8-AFCB-00BCAB774F5F}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{AFD87CEB-7A22-459D-BB7F-D05CEF0A9D55}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{B349AC4C-909C-45A2-80A9-93FB66DA8A33}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{E14BEE45-2CCF-4408-8A8A-40A5FFCA8B32}
Successfully deleted: [Empty Folder] C:\Users\*\appdata\local\{F15DDE6C-F175-4638-B628-6FF944176A84}



~~~ FireFox

Successfully deleted the following from C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\i0nhgwf6.default\prefs.js

user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397918672810");
Emptied folder: C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\i0nhgwf6.default\minidumps [131 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2014 at 16:47:58,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by * (administrator) on *-PC_UP on 19-04-2014 16:49:46
Running from C:\Users\*\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
( ) C:\Windows\system32\dlbkcoms.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
() C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Spotify Ltd) C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Electronic Arts) C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [Spotify Web Helper] => C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCF4225269505CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.101
Tcpip\..\Interfaces\{8E0AA6F2-E3AF-4CE2-B748-FA8232A3B2BC}: [NameServer]192.168.1.101
Tcpip\..\Interfaces\{EF915E66-1EDD-4E49-BC96-00409DE18851}: [NameServer]192.168.1.101

FireFox:
========
FF ProfilePath: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default
FF NetworkProxy: "backup.ftp", "192.168.1.101"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "192.168.1.101"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "192.168.1.101"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "192.168.1.101"
FF NetworkProxy: "http", "192.168.1.101"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.1.101"
FF NetworkProxy: "ssl", "192.168.1.101"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\artur.dubovoy@gmail.com [2014-03-14]
FF Extension: StumbleUpon - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\toolbar@stumbleupon.com [2013-07-16]
FF Extension: EPUBReader - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-04-09]
FF Extension: DownloadHelper - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Firebug - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-30]
FF Extension: YouTube mp3 - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\info@youtube-mp3.org.xpi [2012-11-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-10]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google-Suche) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (IDM Integration) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-03-16]
CHR Extension: (Norton Identity Protection) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-01-01]
CHR Extension: (Google Wallet) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (StumbleUpon) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg [2013-07-16]
CHR Extension: (Google Mail) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-04]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 CDMA Device Service; C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [90432 2011-01-28] ()
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
R2 GKCDTDNS; C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe [213504 2002-11-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [144672 2010-06-15] (Nuance Communications, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140418.016\ENG64.SYS [126040 2013-11-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140418.016\EX64.SYS [2099288 2013-11-30] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2011-07-20] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 16:48 - 2014-04-19 16:48 - 00000000 ____D () C:\Users\*\Desktop\FRST-OlderVersion
2014-04-19 16:47 - 2014-04-19 16:47 - 00003320 _____ () C:\Users\*\Desktop\JRT.txt
2014-04-19 16:40 - 2014-04-19 16:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 16:36 - 2014-04-19 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-19 16:34 - 2014-04-19 16:35 - 01258805 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-18 19:25 - 2014-04-18 19:25 - 00025520 _____ () C:\ComboFix.txt
2014-04-18 19:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-18 19:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-18 19:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-18 19:13 - 2014-04-18 19:25 - 00000000 ____D () C:\Qoobox
2014-04-18 18:38 - 2014-04-18 18:38 - 05195154 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2014-04-18 10:46 - 2014-04-18 10:46 - 00059484 _____ () C:\Users\*\Desktop\Addition.txt
2014-04-18 10:45 - 2014-04-19 16:49 - 00020397 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-18 10:45 - 2014-04-19 16:49 - 00000000 ____D () C:\FRST
2014-04-18 10:43 - 2014-04-18 10:43 - 00000504 _____ () C:\Users\*\Desktop\defogger_disable.log
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-19 16:48 - 02055680 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 10:00 - 2014-04-19 16:33 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-18 09:37 - 2014-04-19 16:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 09:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-13 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-13 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-13 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-13 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-13 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:14 - 2014-04-12 15:30 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-12 15:14 - 2014-04-12 15:30 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-12 15:14 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 01:16 - 2014-04-18 23:43 - 00000000 ____D () C:\Users\*\.cr3
2014-04-08 22:26 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 22:26 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 22:26 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 22:26 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 22:26 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 22:26 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 22:26 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 22:26 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 22:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 20:57 - 2014-04-07 21:00 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

==================== One Month Modified Files and Folders =======

2014-04-19 16:50 - 2014-04-18 10:45 - 00020397 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-19 16:49 - 2014-04-18 10:45 - 00000000 ____D () C:\FRST
2014-04-19 16:48 - 2014-04-19 16:48 - 00000000 ____D () C:\Users\*\Desktop\FRST-OlderVersion
2014-04-19 16:48 - 2014-04-18 10:03 - 02055680 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-19 16:47 - 2014-04-19 16:47 - 00003320 _____ () C:\Users\*\Desktop\JRT.txt
2014-04-19 16:47 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 16:47 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 16:40 - 2014-04-19 16:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 16:40 - 2014-04-18 09:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 16:39 - 2012-10-27 10:04 - 00041618 _____ () C:\Windows\setupact.log
2014-04-19 16:39 - 2011-09-03 17:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 16:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 16:38 - 2011-04-09 14:35 - 01990215 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 16:37 - 2014-04-19 16:36 - 00000000 ____D () C:\AdwCleaner
2014-04-19 16:35 - 2014-04-19 16:34 - 01258805 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-19 16:33 - 2014-04-18 10:00 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-19 16:24 - 2012-08-20 15:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 16:00 - 2011-09-03 17:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 15:39 - 2011-12-20 01:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA.job
2014-04-19 11:39 - 2011-12-20 01:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core.job
2014-04-19 07:51 - 2012-10-27 10:04 - 00392916 _____ () C:\Windows\PFRO.log
2014-04-18 23:43 - 2014-04-09 01:16 - 00000000 ____D () C:\Users\*\.cr3
2014-04-18 19:25 - 2014-04-18 19:25 - 00025520 _____ () C:\ComboFix.txt
2014-04-18 19:25 - 2014-04-18 19:13 - 00000000 ____D () C:\Qoobox
2014-04-18 19:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 18:55 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Skype
2014-04-18 18:38 - 2014-04-18 18:38 - 05195154 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2014-04-18 18:13 - 2011-05-02 15:52 - 00000000 ____D () C:\Users\*\AppData\Roaming\FileZilla
2014-04-18 10:46 - 2014-04-18 10:46 - 00059484 _____ () C:\Users\*\Desktop\Addition.txt
2014-04-18 10:43 - 2014-04-18 10:43 - 00000504 _____ () C:\Users\*\Desktop\defogger_disable.log
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:43 - 2011-04-09 14:57 - 00000000 ____D () C:\Users\*
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2012-10-16 00:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\Users\*\AppData\Roaming\Malwarebytes
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 14:45 - 2011-04-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-13 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 15:30 - 2014-04-12 15:14 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-12 15:30 - 2014-04-12 15:14 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:24 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 15:08 - 2009-07-14 19:58 - 00768508 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 15:08 - 2009-07-14 19:58 - 00175238 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 15:08 - 2009-07-14 07:13 - 01813582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-12 09:31 - 2011-05-07 00:18 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 10:27 - 2012-08-18 07:30 - 00000000 ____D () C:\Users\*\AppData\Roaming\Spotify
2014-04-11 09:28 - 2012-01-21 16:54 - 00000000 _____ () C:\sparkraw.log
2014-04-11 09:16 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-10 14:43 - 2011-09-12 16:03 - 00007384 _____ () C:\Users\*\Desktop\SharePodSettings.xml
2014-04-10 14:38 - 2011-09-12 16:03 - 00000773 _____ () C:\Users\*\Desktop\SharePod.log
2014-04-10 14:00 - 2012-08-18 07:31 - 00000000 ____D () C:\Users\*\AppData\Local\Spotify
2014-04-10 08:43 - 2011-12-20 01:07 - 00002363 _____ () C:\Users\*\Desktop\Google Chrome.lnk
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 03:10 - 2011-04-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:07 - 2013-08-14 23:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:05 - 2011-07-12 16:26 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 01:20 - 2011-04-16 10:42 - 00000000 ____D () C:\Users\*\AppData\Local\CrashDumps
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 21:00 - 2014-04-07 20:57 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-04-03 09:51 - 2014-04-18 09:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 09:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-10-16 00:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 21:06 - 2014-01-02 19:30 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:15 - 2011-04-15 23:31 - 00000000 ____D () C:\Users\*\Desktop\*
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-30 11:34 - 2011-12-20 01:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA
2014-03-30 11:34 - 2011-12-20 01:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core
2014-03-30 10:49 - 2013-12-12 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 10:49 - 2012-04-25 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-27 23:55 - 2011-09-03 17:53 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 23:55 - 2011-09-03 17:53 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

Some content of TEMP:
====================
C:\Users\*\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 10:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 20.04.2014 17:57

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

abrasat 21.04.2014 06:33
Danke nochmals, sieht gut aus.
Die Dateien:

Eset Log.txt

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=281ab1943e4a3d45916af91b7209a342
# engine=17961
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-20 11:52:37
# local_time=2014-04-21 01:52:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 1342178 160634542 0 0
# compatibility_mode=5893 16776574 100 94 23610168 149667807 0 0
# scanned=922691
# found=2
# cleaned=0
# scan_time=23217
sh=F118A90F1C8127310353F663267BE6D2BC791621 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="E:\Utils\Alcatel\SuperOneClickv2.3.3-ShortFuse.zip"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="E:\Utils\Alcatel\SuperOneClickv2.3.3\Exploits\psneuter"
checkup.txt
Code:
Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51 
 Java(TM) SE Development Kit 6 Update 20
 Adobe Flash Player 12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by * (administrator) on *-PC_UP on 21-04-2014 07:24:46
Running from C:\Users\*\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
( ) C:\Windows\system32\dlbkcoms.exe
() C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
() C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Spotify Ltd) C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Electronic Arts) C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SlickEdit\win\vs.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [Spotify Web Helper] => C:\Users\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-2382729799-1600841459-1991903984-1000\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCF4225269505CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - d:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.101
Tcpip\..\Interfaces\{8E0AA6F2-E3AF-4CE2-B748-FA8232A3B2BC}: [NameServer]192.168.1.101
Tcpip\..\Interfaces\{EF915E66-1EDD-4E49-BC96-00409DE18851}: [NameServer]192.168.1.101

FireFox:
========
FF ProfilePath: C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default
FF NetworkProxy: "backup.ftp", "192.168.1.101"
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", "192.168.1.101"
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", "192.168.1.101"
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "192.168.1.101"
FF NetworkProxy: "http", "192.168.1.101"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.1.101"
FF NetworkProxy: "ssl", "192.168.1.101"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\artur.dubovoy@gmail.com [2014-03-14]
FF Extension: StumbleUpon - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\toolbar@stumbleupon.com [2013-07-16]
FF Extension: EPUBReader - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-04-09]
FF Extension: DownloadHelper - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-27]
FF Extension: Firebug - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-30]
FF Extension: YouTube mp3 - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\info@youtube-mp3.org.xpi [2012-11-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\i0nhgwf6.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-10]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\*\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\*\AppData\Roaming\IDM\idmmzcc5 [2014-03-15]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google-Suche) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (IDM Integration) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-03-16]
CHR Extension: (Norton Identity Protection) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-01-01]
CHR Extension: (Google Wallet) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-04]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-09] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 CDMA Device Service; C:\Program Files\SAMSUNG\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [90432 2011-01-28] ()
R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
R2 GKCDTDNS; C:\Program Files (x86)\GKC\GKCDTDNS\GKCDTDNSNT.exe [213504 2002-11-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [144672 2010-06-15] (Nuance Communications, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140417.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140420.008\ENG64.SYS [126040 2013-11-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140420.008\EX64.SYS [2099288 2013-11-30] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-12-12] (RapidSolution Software AG)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2011-07-20] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 07:24 - 2014-04-21 07:24 - 00020857 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-21 07:24 - 2014-04-21 07:24 - 00000000 ____D () C:\Users\*\Desktop\FRST-OlderVersion
2014-04-21 07:19 - 2014-04-21 07:19 - 00987448 _____ () C:\Users\*\Desktop\SecurityCheck.exe
2014-04-21 07:17 - 2014-04-21 07:17 - 00000031 _____ () C:\Users\*\Downloads\default.htm
2014-04-20 19:19 - 2014-04-20 19:19 - 02347384 _____ (ESET) C:\Users\*\Desktop\esetsmartinstaller_enu.exe
2014-04-19 16:40 - 2014-04-19 16:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 16:36 - 2014-04-19 16:37 - 00000000 ____D () C:\AdwCleaner
2014-04-19 16:34 - 2014-04-19 16:35 - 01258805 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-18 19:25 - 2014-04-18 19:25 - 00025520 _____ () C:\ComboFix.txt
2014-04-18 19:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-18 19:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-18 19:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-18 19:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-18 19:13 - 2014-04-18 19:25 - 00000000 ____D () C:\Qoobox
2014-04-18 18:38 - 2014-04-18 18:38 - 05195154 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2014-04-18 10:45 - 2014-04-21 07:24 - 00000000 ____D () C:\FRST
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-21 07:24 - 02056704 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 10:00 - 2014-04-19 16:33 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-18 09:37 - 2014-04-21 05:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 09:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-13 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-13 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-13 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-13 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-13 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-13 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-13 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-13 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-13 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-13 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-13 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-13 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-13 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-13 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:14 - 2014-04-19 18:18 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-12 15:14 - 2014-04-19 18:18 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-12 15:14 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 01:16 - 2014-04-18 23:43 - 00000000 ____D () C:\Users\*\.cr3
2014-04-08 22:26 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 22:26 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 22:26 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 22:26 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 22:26 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 22:26 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 22:26 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 22:26 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 22:26 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 22:26 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 22:26 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 20:57 - 2014-04-07 21:00 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

==================== One Month Modified Files and Folders =======

2014-04-21 07:24 - 2014-04-21 07:24 - 00020857 _____ () C:\Users\*\Desktop\FRST.txt
2014-04-21 07:24 - 2014-04-21 07:24 - 00000000 ____D () C:\Users\*\Desktop\FRST-OlderVersion
2014-04-21 07:24 - 2014-04-18 10:45 - 00000000 ____D () C:\FRST
2014-04-21 07:24 - 2014-04-18 10:03 - 02056704 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe
2014-04-21 07:24 - 2012-08-20 15:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 07:19 - 2014-04-21 07:19 - 00987448 _____ () C:\Users\*\Desktop\SecurityCheck.exe
2014-04-21 07:17 - 2014-04-21 07:17 - 00000031 _____ () C:\Users\*\Downloads\default.htm
2014-04-21 07:00 - 2011-09-03 17:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 06:39 - 2011-12-20 01:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA.job
2014-04-21 05:37 - 2014-04-18 09:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 05:27 - 2011-08-07 13:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Skype
2014-04-21 05:27 - 2011-04-09 14:35 - 01652665 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 23:00 - 2011-09-03 17:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 19:19 - 2014-04-20 19:19 - 02347384 _____ (ESET) C:\Users\*\Desktop\esetsmartinstaller_enu.exe
2014-04-20 12:21 - 2012-01-21 16:54 - 00000000 _____ () C:\sparkraw.log
2014-04-20 11:39 - 2011-12-20 01:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core.job
2014-04-20 07:50 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 07:50 - 2009-07-14 06:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 07:40 - 2012-10-27 10:04 - 00041674 _____ () C:\Windows\setupact.log
2014-04-20 07:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 20:39 - 2009-07-14 19:58 - 00768508 _____ () C:\Windows\system32\perfh007.dat
2014-04-19 20:39 - 2009-07-14 19:58 - 00175238 _____ () C:\Windows\system32\perfc007.dat
2014-04-19 20:39 - 2009-07-14 07:13 - 01813582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 18:18 - 2014-04-12 15:14 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-04-19 18:18 - 2014-04-12 15:14 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-19 16:40 - 2014-04-19 16:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-19 16:37 - 2014-04-19 16:36 - 00000000 ____D () C:\AdwCleaner
2014-04-19 16:35 - 2014-04-19 16:34 - 01258805 _____ () C:\Users\*\Desktop\adwcleaner.exe
2014-04-19 16:33 - 2014-04-18 10:00 - 01016261 _____ (Thisisu) C:\Users\*\Desktop\JRT.exe
2014-04-19 07:51 - 2012-10-27 10:04 - 00392916 _____ () C:\Windows\PFRO.log
2014-04-18 23:43 - 2014-04-09 01:16 - 00000000 ____D () C:\Users\*\.cr3
2014-04-18 19:25 - 2014-04-18 19:25 - 00025520 _____ () C:\ComboFix.txt
2014-04-18 19:25 - 2014-04-18 19:13 - 00000000 ____D () C:\Qoobox
2014-04-18 19:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 18:38 - 2014-04-18 18:38 - 05195154 ____R (Swearware) C:\Users\*\Desktop\ComboFix.exe
2014-04-18 18:13 - 2011-05-02 15:52 - 00000000 ____D () C:\Users\*\AppData\Roaming\FileZilla
2014-04-18 10:43 - 2014-04-18 10:43 - 00000020 _____ () C:\Users\*\defogger_reenable
2014-04-18 10:43 - 2011-04-09 14:57 - 00000000 ____D () C:\Users\*
2014-04-18 10:04 - 2014-04-18 10:04 - 00380416 _____ () C:\Users\*\Desktop\wu42zs2f.exe
2014-04-18 10:03 - 2014-04-18 10:03 - 00050477 _____ () C:\Users\*\Desktop\Defogger.exe
2014-04-18 09:36 - 2014-04-18 09:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 09:36 - 2012-10-16 00:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\Users\*\AppData\Roaming\Malwarebytes
2014-04-18 09:36 - 2012-10-16 00:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-13 15:03 - 2014-04-13 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 14:45 - 2014-04-13 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 14:45 - 2014-04-13 14:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 14:45 - 2011-04-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-13 04:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 15:24 - 2014-04-12 15:24 - 00000000 ____D () C:\Users\*\AppData\Local\calibre-cache
2014-04-12 15:24 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\AppData\Roaming\calibre
2014-04-12 15:14 - 2014-04-12 15:14 - 00000000 ____D () C:\Users\*\Documents\Calibre-Bibliothek
2014-04-12 09:31 - 2014-04-12 09:31 - 00262144 ____N () C:\Windows\Minidump\041214-68390-01.dmp
2014-04-12 09:31 - 2011-05-07 00:18 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 10:27 - 2012-08-18 07:30 - 00000000 ____D () C:\Users\*\AppData\Roaming\Spotify
2014-04-11 09:16 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-10 14:43 - 2011-09-12 16:03 - 00007384 _____ () C:\Users\*\Desktop\SharePodSettings.xml
2014-04-10 14:38 - 2011-09-12 16:03 - 00000773 _____ () C:\Users\*\Desktop\SharePod.log
2014-04-10 14:00 - 2012-08-18 07:31 - 00000000 ____D () C:\Users\*\AppData\Local\Spotify
2014-04-10 08:43 - 2011-12-20 01:07 - 00002363 _____ () C:\Users\*\Desktop\Google Chrome.lnk
2014-04-09 19:56 - 2014-04-09 19:56 - 00000000 ____D () C:\Users\*\Documents\My Kindle Content
2014-04-09 19:55 - 2014-04-09 19:55 - 00002234 _____ () C:\Users\*\Desktop\Kindle.lnk
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-04-09 19:55 - 2014-04-09 19:55 - 00000000 ____D () C:\Users\*\AppData\Local\Amazon
2014-04-09 19:36 - 2014-04-09 19:36 - 00001097 _____ () C:\Users\Public\Desktop\Mobi File Reader.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 ____D () C:\Program Files (x86)\Mobi File Reader
2014-04-09 03:10 - 2011-04-09 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:07 - 2013-08-14 23:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:05 - 2011-07-12 16:26 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 01:20 - 2011-04-16 10:42 - 00000000 ____D () C:\Users\*\AppData\Local\CrashDumps
2014-04-08 20:50 - 2014-04-08 20:50 - 00001104 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-04-08 20:50 - 2014-04-08 20:50 - 00000000 ____D () C:\Program Files (x86)\Google Books Downloader
2014-04-07 21:00 - 2014-04-07 20:57 - 106381584 _____ (Microsoft Corporation) C:\Users\*\Downloads\msert.exe
2014-04-03 09:51 - 2014-04-18 09:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 09:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-10-16 00:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 21:06 - 2014-01-02 19:30 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-30 15:19 - 2014-03-30 15:19 - 00001203 _____ () C:\Users\*\Desktop\Any Video Converter.lnk
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\Documents\Any Video Converter
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Users\*\AppData\Roaming\AnvSoft
2014-03-30 15:19 - 2014-03-30 15:19 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-03-30 14:15 - 2011-04-15 23:31 - 00000000 ____D () C:\Users\*\Desktop\*
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\*\Documents\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Users\*\AppData\Local\4Videosoft Studio
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\ProgramData\topsevenreviews
2014-03-30 14:05 - 2014-03-30 14:05 - 00000000 ____D () C:\Program Files (x86)\topsevenreviews
2014-03-30 11:34 - 2011-12-20 01:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000UA
2014-03-30 11:34 - 2011-12-20 01:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2382729799-1600841459-1991903984-1000Core
2014-03-30 10:49 - 2013-12-12 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 10:49 - 2012-04-25 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-27 23:55 - 2011-09-03 17:53 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 23:55 - 2011-09-03 17:53 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-23 20:49 - 2014-03-23 20:49 - 00002422 _____ () C:\Users\Public\Desktop\Aiseesoft AVCHD Video Converter.lnk
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-03-23 20:49 - 2014-03-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio

Some content of TEMP:
====================
C:\Users\*\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 10:09

==================== End Of Log ============================
--- --- ---

schrauber 21.04.2014 20:50
Die beiden Sachen die ESET anmeckert löschen.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

abrasat 21.04.2014 22:55
Hab alle Schritte erledigt, ich hoffe die Fake Java Update Seite taucht jetzt nicht mehr auf (heute morgen kam die einmal vor)!
Danke nochmals !

Die Fixlog.txt Datei:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-04-2014 02
Ran by * at 2014-04-21 23:10:27 Run:1
Running from C:\Users\*\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
*****************

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====

schrauber 22.04.2014 14:17
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131