Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win7 + Malwarebytes Anti-Malware: Trojaner oder nicht? (https://www.trojaner-board.de/153190-win7-malwarebytes-anti-malware-trojaner.html)

howxx 28.04.2014 21:01
Win7 + Malwarebytes Anti-Malware: Trojaner oder nicht?
 
Hallo Forum,

ich bin mir nicht sicher ob der PC safe ist. Meine Tochter spielt manchmal online irgenwelche Pferdebrowsergames.
Nach einem scan mit dem Programm "Malwarebytes Anti-Malware"
erhielt ich folgendes Ergebnis mit dem ich nicht viel anfangen kann.
In der Hoffnung auf eine fundierte Aussage poste ich mal die txt-Datei.

Vielen Dank
Holger


Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.04.2014
Suchlauf-Zeit: 21:21:22
Logdatei: malware.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.28.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404026
Verstrichene Zeit: 32 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 32
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PssdoruunNer.PssdoruunNer, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\PssdoruunNer.PssdoruunNer.5.4, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PssdoruunNer.PssdoruunNer, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PssdoruunNer.PssdoruunNer.5.4, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AD015521-2337-C899-7369-8A59D2EE7EA0}, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AD015521-2337-C899-7369-8A59D2EE7EA0}\INPROCSERVER32, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [f4c347e85e1d9d993325aaa835cd51af],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [f4c347e85e1d9d993325aaa835cd51af],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, , [783f86a9f08b3105d16383a10ff3cd33],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [5c5b210ea4d762d432b23de13cc609f7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [5c5b210ea4d762d432b23de13cc609f7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [5c5b210ea4d762d432b23de13cc609f7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [5c5b210ea4d762d432b23de13cc609f7],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3091854972-2778667893-1314618606-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [5c5b210ea4d762d432b23de13cc609f7],
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [d9def83786f5231312feccc3669cc13f],

Registrierungswerte: 1
PUP.Optional.LiveSupport, HKU\S-1-5-21-3091854972-2778667893-1314618606-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LiveSupport, "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log, , [2394d95624578fa7c7004b2ead5530d0]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.MultiPlug.A, C:\ProgramData\PSSdrounnneR\fb7fuK6.x64.dll, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Optional.MultiPlug.A, C:\ProgramData\PSSdrounnneR\fb7fuK6.dll, , [a215270897e4c76f6c2fc680bb46cb35],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, , [932466c91566e74f59b6c8c7966c748c],

Physische Sektoren: 0
(No malicious items detected)


(end)

cosinus 29.04.2014 10:56
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

howxx 29.04.2014 16:56
Hallo cosinus,

danke für den Willkommensgruß und für Deine Hilfe.
Hier die Dateien.

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Administrator (administrator) on xxxxx-PC on 29-04-2014 17:40:29
Running from C:\Users\Administrator.xxxxx-PC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla\firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-08] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3091854972-2778667893-1314618606-500\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-3091854972-2778667893-1314618606-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3091854972-2778667893-1314618606-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3091854972-2778667893-1314618606-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3091854972-2778667893-1314618606-500\...\MountPoints2: {19b4cb42-bd91-11e1-bd34-806e6f6e6963} - E:\Autorun.exe
Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3091854972-2778667893-1314618606-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5D03E31A-C579-4672-A2DD-CCBF0581E468} URL =
SearchScopes: HKCU - {5D03E31A-C579-4672-A2DD-CCBF0581E468} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: saverooNN - {4C7A8436-0732-9F4D-86BB-72965BA638C9} - C:\ProgramData\saverooNN\8OE8V.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: PSSdrounnneR - {AD015521-2337-C899-7369-8A59D2EE7EA0} - C:\ProgramData\PSSdrounnneR\fb7fuK6.x64.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: deealpeaki - {F65988CC-224F-0F15-E117-F51999CA4B99} - C:\ProgramData\deealpeaki\9.x64.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PSSdrounnneR - {AD015521-2337-C899-7369-8A59D2EE7EA0} - C:\ProgramData\PSSdrounnneR\fb7fuK6.dll ()
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62

FireFox:
========
FF ProfilePath: C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flashblock - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-09-07]
FF Extension: Empty Cache Button - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-04-28]
FF Extension: Firebug - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\firebug@software.joehewitt.com.xpi [2012-07-01]
FF Extension: Ghostery - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\firefox@ghostery.com.xpi [2013-09-07]
FF Extension: Easy YouTube Video Downloader - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-07-01]
FF Extension: Adblock Plus - C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Mozilla\Firefox\Profiles\xhcxbkfp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-23]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla\firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-24] (AVAST Software)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2013-07-11] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [197632 2013-05-02] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-08] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-18] (FUJITSU LIMITED)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-24] ()
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 17:40 - 2014-04-29 17:40 - 00016157 _____ () C:\Users\Administrator.xxxxx-pc\Downloads\FRST.txt
2014-04-29 17:40 - 2014-04-29 17:40 - 00000000 ____D () C:\FRST
2014-04-29 17:39 - 2014-04-29 17:39 - 02061824 _____ (Farbar) C:\Users\Administrator.xxxxx-pc\Downloads\FRST64.exe
2014-04-29 14:32 - 2014-04-29 17:34 - 00000112 _____ () C:\Windows\setupact.log
2014-04-29 14:32 - 2014-04-29 14:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-28 21:21 - 2014-04-28 21:21 - 00007200 _____ () C:\Users\Administrator.xxxxx-pc\Desktop\malware.txt
2014-04-28 20:47 - 2014-04-28 20:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 20:47 - 2014-04-28 20:47 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-28 20:47 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-28 20:47 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-28 20:47 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-28 20:37 - 2014-04-28 20:37 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\Documents\Electronic Arts
2014-04-28 20:04 - 2014-04-28 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-28 20:03 - 2014-04-28 20:03 - 00002264 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2014-04-28 19:56 - 2014-04-28 19:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-28 19:56 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-28 19:56 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-27 09:44 - 2014-04-27 09:44 - 00000000 ____D () C:\Users\birgit\AppData\Local\{45D5734C-E2CA-4C37-9ABA-131726CEB566}
2014-04-20 11:35 - 2014-04-20 11:35 - 00000000 __SHD () C:\Users\Yara\AppData\Local\EmieUserList
2014-04-20 11:35 - 2014-04-20 11:35 - 00000000 __SHD () C:\Users\Yara\AppData\Local\EmieSiteList
2014-04-20 11:23 - 2014-04-20 11:23 - 00000000 ____D () C:\Users\Yara\AppData\Local\Macromedia
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Mozilla
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\Yara\AppData\Local\Mozilla
2014-04-20 11:19 - 2014-04-20 11:19 - 00000000 ____D () C:\Users\Yara\Documents\Electronic Arts
2014-04-20 11:16 - 2014-04-28 20:04 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-20 11:07 - 2014-04-20 11:07 - 00002086 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-20 11:07 - 2014-04-20 11:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-04-20 10:50 - 2014-04-28 19:56 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Macromedia
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Fujitsu Launch Center
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\AVAST Software
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Adobe
2014-04-20 10:44 - 2014-04-28 20:18 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 10:44 - 2014-04-20 10:45 - 00111048 _____ () C:\Users\Yara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 10:44 - 2014-04-20 10:45 - 00001431 _____ () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-20 10:44 - 2014-04-20 10:45 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-20 10:44 - 2014-04-20 10:44 - 00000680 __RSH () C:\Users\Yara\ntuser.pol
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Vorlagen
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Startmenü
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Netzwerkumgebung
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Lokale Einstellungen
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Eigene Dateien
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Druckumgebung
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Documents\Eigene Musik
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Documents\Eigene Bilder
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Local\Verlauf
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Local\Anwendungsdaten
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Anwendungsdaten
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 ____D () C:\Users\Yara
2014-04-20 10:44 - 2012-11-10 21:18 - 00001999 _____ () C:\Users\Yara\Desktop\Agrar Simulator 2012.lnk
2014-04-20 10:44 - 2012-06-24 02:16 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Intel
2014-04-20 10:44 - 2012-06-23 17:36 - 00001145 _____ () C:\Users\Yara\Desktop\CyberLink YouCam.lnk
2014-04-20 10:44 - 2012-06-23 17:36 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2014-04-20 10:44 - 2011-05-07 21:24 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Fujitsu
2014-04-20 10:44 - 2011-05-07 19:29 - 00000000 ____D () C:\Users\Yara\AppData\Local\Windows Live
2014-04-20 10:44 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\Yara\ntuser.ini
2014-04-20 10:44 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-20 10:44 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-20 10:38 - 2014-04-20 10:38 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\AppData\Roaming\AVAST Software
2014-04-19 15:09 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 15:09 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 15:09 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 15:09 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 15:09 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 15:09 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 15:09 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 15:09 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 15:09 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 15:09 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 15:09 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 15:09 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 15:09 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 15:09 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 15:09 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-19 15:09 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 15:09 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-19 15:09 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 15:09 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 15:09 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 15:09 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 15:09 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 15:09 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-19 15:09 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-19 15:09 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-19 15:09 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-19 15:09 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 15:09 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-19 15:09 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 15:09 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-19 15:09 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 15:09 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 15:09 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-19 15:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-19 15:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 15:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 15:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 15:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 15:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 15:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-19 15:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 15:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 15:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-19 15:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 15:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 15:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 15:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 15:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 11:46 - 2014-04-10 11:46 - 00000000 _____ () C:\end
2014-04-10 09:55 - 2014-04-10 09:55 - 00000000 ____D () C:\Users\birgit\AppData\Local\{B302EF7B-CF73-411B-8D3B-E0C01CF426E8}
2014-04-10 09:55 - 2014-04-10 09:55 - 00000000 ____D () C:\Users\birgit\AppData\Local\{71E48784-CA2B-405F-AA76-55A1EEE7FFE8}
2014-04-09 11:25 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 11:25 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 11:25 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 11:25 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 11:25 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 11:25 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 11:25 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 11:25 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 11:25 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 11:25 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 11:25 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 11:25 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 11:25 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 11:25 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 11:25 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 11:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 11:25 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-04-29 17:40 - 2014-04-29 17:40 - 00016157 _____ () C:\Users\Administrator.xxxxx-pc\Downloads\FRST.txt
2014-04-29 17:40 - 2014-04-29 17:40 - 00000000 ____D () C:\FRST
2014-04-29 17:39 - 2014-04-29 17:39 - 02061824 _____ (Farbar) C:\Users\Administrator.xxxxx-pc\Downloads\FRST64.exe
2014-04-29 17:38 - 2012-06-23 17:25 - 02047943 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 17:36 - 2012-06-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla
2014-04-29 17:35 - 2013-09-07 23:06 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Skype
2014-04-29 17:34 - 2014-04-29 14:32 - 00000112 _____ () C:\Windows\setupact.log
2014-04-29 17:34 - 2012-06-24 12:22 - 00000000 ____D () C:\ProgramData\VMware
2014-04-29 17:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 15:42 - 2012-09-12 20:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 15:26 - 2013-08-16 22:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003UA.job
2014-04-29 14:40 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 14:40 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 14:33 - 2012-10-16 20:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-29 14:32 - 2014-04-29 14:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-28 21:21 - 2014-04-28 21:21 - 00007200 _____ () C:\Users\Administrator.xxxxx-pc\Desktop\malware.txt
2014-04-28 20:48 - 2014-04-28 20:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 20:47 - 2014-04-28 20:47 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 20:47 - 2014-04-28 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-28 20:42 - 2012-09-12 20:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 20:42 - 2012-06-23 18:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 20:42 - 2012-06-23 18:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 20:37 - 2014-04-28 20:37 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\Documents\Electronic Arts
2014-04-28 20:18 - 2014-04-20 10:44 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 20:04 - 2014-04-28 20:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-28 20:04 - 2014-04-20 11:16 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-28 20:03 - 2014-04-28 20:03 - 00002264 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2014-04-28 20:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-28 19:58 - 2012-07-01 19:48 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\AppData\Local\Adobe
2014-04-28 19:56 - 2014-04-28 19:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-28 19:56 - 2014-04-20 10:50 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-04-28 19:56 - 2011-05-07 19:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-27 09:45 - 2011-04-11 19:26 - 00702350 _____ () C:\Windows\system32\perfh007.dat
2014-04-27 09:45 - 2011-04-11 19:26 - 00150984 _____ () C:\Windows\system32\perfc007.dat
2014-04-27 09:45 - 2009-07-14 07:13 - 01628730 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-27 09:44 - 2014-04-27 09:44 - 00000000 ____D () C:\Users\birgit\AppData\Local\{45D5734C-E2CA-4C37-9ABA-131726CEB566}
2014-04-23 20:00 - 2013-11-28 22:21 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\AppData\Local\Lollipop
2014-04-23 20:00 - 2012-06-24 12:16 - 00000000 ___RD () C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 17:39 - 2013-12-04 23:40 - 00000000 ____D () C:\Users\birgit\AppData\Local\SwvUpdater
2014-04-23 17:00 - 2013-12-04 23:40 - 00000360 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-22 08:10 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 22:26 - 2013-08-16 22:59 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003Core.job
2014-04-20 15:24 - 2012-06-23 17:28 - 00000000 ____D () C:\Users\birgit
2014-04-20 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 11:35 - 2014-04-20 11:35 - 00000000 __SHD () C:\Users\Yara\AppData\Local\EmieUserList
2014-04-20 11:35 - 2014-04-20 11:35 - 00000000 __SHD () C:\Users\Yara\AppData\Local\EmieSiteList
2014-04-20 11:23 - 2014-04-20 11:23 - 00000000 ____D () C:\Users\Yara\AppData\Local\Macromedia
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Mozilla
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\Yara\AppData\Local\Mozilla
2014-04-20 11:19 - 2014-04-20 11:19 - 00000000 ____D () C:\Users\Yara\Documents\Electronic Arts
2014-04-20 11:07 - 2014-04-20 11:07 - 00002086 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-04-20 11:07 - 2014-04-20 11:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Macromedia
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Fujitsu Launch Center
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\AVAST Software
2014-04-20 10:45 - 2014-04-20 10:45 - 00000000 ____D () C:\Users\Yara\AppData\Roaming\Adobe
2014-04-20 10:45 - 2014-04-20 10:44 - 00111048 _____ () C:\Users\Yara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 10:45 - 2014-04-20 10:44 - 00001431 _____ () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-20 10:45 - 2014-04-20 10:44 - 00000000 ___RD () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-20 10:44 - 2014-04-20 10:44 - 00000680 __RSH () C:\Users\Yara\ntuser.pol
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Vorlagen
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Startmenü
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Netzwerkumgebung
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Lokale Einstellungen
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Eigene Dateien
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Druckumgebung
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Documents\Eigene Musik
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Documents\Eigene Bilder
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Local\Verlauf
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\AppData\Local\Anwendungsdaten
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 _SHDL () C:\Users\Yara\Anwendungsdaten
2014-04-20 10:44 - 2014-04-20 10:44 - 00000000 ____D () C:\Users\Yara
2014-04-20 10:38 - 2014-04-20 10:38 - 00000000 ____D () C:\Users\Administrator.xxxxx-pc\AppData\Roaming\AVAST Software
2014-04-20 10:38 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-04-20 10:37 - 2012-06-24 12:16 - 00001427 _____ () C:\Users\Administrator.xxxxx-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-19 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 04:24 - 2014-04-28 19:56 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-28 19:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-10 11:46 - 2014-04-10 11:46 - 00000000 _____ () C:\end
2014-04-10 10:28 - 2012-06-23 17:28 - 00000000 ____D () C:\Users\birgit\AppData\Local\Windows Live
2014-04-10 09:55 - 2014-04-10 09:55 - 00000000 ____D () C:\Users\birgit\AppData\Local\{B302EF7B-CF73-411B-8D3B-E0C01CF426E8}
2014-04-10 09:55 - 2014-04-10 09:55 - 00000000 ____D () C:\Users\birgit\AppData\Local\{71E48784-CA2B-405F-AA76-55A1EEE7FFE8}
2014-04-10 09:14 - 2009-07-14 04:34 - 00000499 _____ () C:\Windows\win.ini
2014-04-10 09:13 - 2013-08-02 08:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 09:11 - 2012-07-01 18:23 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 14:46 - 2013-09-07 23:16 - 00000000 ____D () C:\Users\birgit\AppData\Roaming\Skype
2014-04-03 09:51 - 2014-04-28 20:47 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-28 20:47 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-28 20:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 10:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Administrator.xxxxx-pc\AppData\Local\Temp\EAD9B64.exe
C:\Users\Administrator.xxxxx-pc\AppData\Local\Temp\EADDBAE.exe
C:\Users\Administrator.xxxxx-pc\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 14:06

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Administrator at 2014-04-29 17:41:05
Running from C:\Users\Administrator.xxxxx-pc\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agrar Simulator 2012 (HKLM-x32\...\Agrar Simulator 2012) (Version:  - )
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Anytime USB Charge Utility (HKLM-x32\...\{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}) (Version: 1.00.00.001 - FUJITSU LIMITED)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.1908.7636 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deealpeaki (HKLM-x32\...\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}) (Version:  - deAlpeoak)
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52016.0 - Sonix)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.20.212 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.001 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.001 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.3.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.3.0.0 - FUJITSU LIMITED) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.21.111 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.20.00.06 - Huawei Technologies Co.,Ltd)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.2.1.0 - FUJITSU LIMITED)
LifeBook Application Panel (Version: 8.2.1.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{90120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.4.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.4.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.009 - FUJITSU LIMITED)
PSSdrounnneR (HKLM-x32\...\{4C7D64C8-5315-C07C-FF38-7BE555411213}) (Version:  - PssdoruunNer)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
saverooNN (HKLM-x32\...\{66951628-3E5A-9C96-37EA-490E187974D5}) (Version:  - ssaveron)
Skiregion Simulator 2012 (HKLM-x32\...\SkiRegionSimulator2012DE_is1) (Version: 1.0 - GIANTS Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SUPER © v2013.build.58+Recorder (2013/11/13) Version v2013.buil (HKLM-x32\...\{8E2A1F92-9B4F-4DF9-8459-5C06B0813C69}_is1) (Version: v2013.build.58+Recorder - eRightSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
tools-windows (x32 Version: 8.8.4.744019 - VMware, Inc.) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)
VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-03-2014 07:00:11 Windows Update
28-03-2014 08:10:09 Windows Update
01-04-2014 09:21:55 Windows Update
04-04-2014 12:02:27 Windows Update
09-04-2014 09:24:30 Windows Update
10-04-2014 07:10:46 Windows Update
19-04-2014 13:08:10 Windows Update
20-04-2014 08:49:50 Installiert The Sims 3
27-04-2014 07:13:08 Windows Update
28-04-2014 17:48:03 Installiert The Sims 3
28-04-2014 17:55:48 Installiert TheSims3EP5
29-04-2014 14:02:02 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B1B9B44-085A-4431-8137-6E7DDAD9171B} - System32\Tasks\{9B2229BC-AE99-4E13-859E-EBF3BC7B152D} => C:\Program Files (x86)\Agrar Simulator 2012\farm2012.exe [2011-11-16] (ActaLogic)
Task: {12E4CF64-4B02-4111-B569-062DA3BD27D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23] (Google Inc.)
Task: {510EAD54-8806-4F37-AB66-A80D9F98378F} - System32\Tasks\{49D52EDF-29C0-4ACF-82B0-5F399A946E6E} => C:\Program Files (x86)\Agrar Simulator 2012\farm2012.exe [2011-11-16] (ActaLogic)
Task: {65F3ADF8-702F-4CC1-AFD2-3459806594C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003Core => C:\Users\holger\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {A1261BCA-ED95-48B4-AE91-98291A2AC77D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-24] (AVAST Software)
Task: {AA4BD98B-A78A-4C93-B47C-A44A35CAC2BA} - System32\Tasks\{DFEDF32D-D9DD-46F5-8EDA-4F8994E13C78} => C:\Users\yannick\Downloads\Regmon704\Regmon.exe
Task: {AF50FA6C-4418-4C08-881A-982D2F6E5CC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {C9BDD55E-66FD-4EF1-9B9C-F0FC51E75343} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003UA => C:\Users\holger\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {D464E51F-3058-41BA-88CC-D3DB55F1EEC2} - System32\Tasks\{566E9C1B-A3F1-451D-A258-3F195B5DC2D1} => C:\Program Files (x86)\Agrar Simulator 2012\farm2012.exe [2011-11-16] (ActaLogic)
Task: {DA9E813F-1B27-42EF-B765-5E2E807EA76B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23] (Google Inc.)
Task: {E2438B14-61FC-43B2-A2C3-3BF7E85ABC85} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\birgit\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003Core.job => C:\Users\holger\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091854972-2778667893-1314618606-1003UA.job => C:\Users\holger\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-05 21:53 - 2011-01-05 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-04 21:57 - 2013-07-11 16:50 - 00137024 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2013-12-04 21:57 - 2013-05-02 04:15 - 00197632 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2012-07-01 14:26 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2011-05-02 02:21 - 2011-04-15 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-05 21:53 - 2011-01-05 21:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-04-29 07:57 - 2014-04-28 21:12 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042801\algo.dll
2012-06-09 02:36 - 2012-06-09 02:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-07-01 14:26 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-02-24 18:08 - 2014-02-24 18:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-28 21:45 - 2014-04-28 21:45 - 03642480 _____ () C:\Program Files\Mozilla\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Administrator.xxxxx-pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchCenter.lnk => C:\Windows\pss\LaunchCenter.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AIS_RegApp => "C:\Program Files (x86)\Fujitsu\AIS Connect\regapp\RegApp.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: FDM7 => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
MSCONFIG\startupreg: LoadFujitsuQuickTouch => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: PSUTility => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 05:34:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 02:33:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/29/2014 05:36:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (04/29/2014 05:35:46 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7


Microsoft Office Sessions:
=========================
Error: (04/29/2014 05:34:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 02:33:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/29/2014 00:36:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/29/2014 00:36:14 PM) (Source: Windows Search Service)(User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 4008.62 MB
Available physical RAM: 1654.8 MB
Total Pagefile: 8015.42 MB
Available Pagefile: 5641.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:250 GB) (Free:164.72 GB) NTFS
Drive d: (Data) (Fixed) (Total:428.01 GB) (Free:391.79 GB) NTFS
Drive e: (Sims3EP05) (CDROM) (Total:5.29 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F1E2CB29)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=697 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus 29.04.2014 21:46
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alle Zeitangaben in WEZ +1. Es ist jetzt 11:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131