Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Langsames Öffnen von Internetseiten / Bluescreen beim Versuch infizierte Dateien zu entfernen (https://www.trojaner-board.de/154401-langsames-offnen-internetseiten-bluescreen-beim-versuch-infizierte-dateien-entfernen.html)

Dirknash 26.05.2014 23:54
Langsames Öffnen von Internetseiten / Bluescreen beim Versuch infizierte Dateien zu entfernen
 
Guten Abend liebes Trojaner-Board-Team,

ich bin durch Google auf eure Seite gestoßen. Andere User hatten ähnliche Probleme und denen konntet ihr helfen. Dennoch erstelle ich einen neuen Thread, damit ich nichts falsch mache.

Mein Browser und das Öffnen von Internetseiten ist sehr langsam geworden.
Cache ist geleert und Addons sind überprüft.
Mit dem Windows-Defener habe ich einen Scan durchgeführt, der sagte mir alles sauber.
Internet-Speedtest zeigt mir 32k Download und 1k Upload an.

Mit Malewarebytes Anti-Maleware habe ich einen vollständigen Scan durchgeführt, relativ schnell wird er fündigt und hat infizierte Dateien entdeckt, leider endet der Scan dann in einem Bluescreen und mein Laptop schaltet sich aus und startet neu.


Ich poste hier mal direkt die Bluescreen-Information, bin mir nicht sicher ob die schon was aussagen.

Code:
Problemsignatur:
  Problemereignisname:        BlueScreen
  Betriebsystemversion:        6.0.6002.2.2.0.768.3
  Gebietsschema-ID:        1031

Zusatzinformationen zum Problem:
  BCCode:        7a
  BCP1:        C045B498
  BCP2:        C0000185
  BCP3:        2BBC4860
  BCP4:        8B693A9A
  OS Version:        6_0_6002
  Service Pack:        2_0
  Product:        768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini052614-02.dmp
  C:\Users\MeinName\AppData\Local\Temp\WER-59701-0.sysdata.xml
  C:\Users\MeinName\AppData\Local\Temp\WERECE.tmp.version.txt
Ich hatte mir eure Seite 'Für alle Hilfesuchenden!' durchgelesen, wusste jetzt aber nicht weiter. Die Logs von Antimaleware kann ich nicht posten, da ich beim Scan ja immer einen Bluescreen bekomme, d.h. die neuen Logs sind nicht hinterlegt. Hoffe das ist okay und ich kann eure Schritte nacheinander abarbeiten.

Schritt1: Defogger Log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:02 on 27/05/2014 (jules)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Schritt2: FRST-LOG


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by jules (administrator) on JULES-PC on 27-05-2014 00:12:18
Running from C:\Users\jules\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\Temp\RtkBtMnt.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ICQ] => "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Google Update] => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-02] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\MountPoints2: {3502397d-5ade-11e0-9ab2-001d72ee86ae} - F:\autorun.exe
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0109&m=aspire_8730
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll No File
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll No File
SearchScopes: HKLM - DefaultScope {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=645eb223-f9c2-11e0-b59a-001d72ee86ae&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=Zo8kYP6N_Nj5Y85osi9_679D0eg?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll No File
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - XfireXO Toolbar - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi1.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\ask.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (vshare plugin) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2011-11-30]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-29]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-03-30] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] (Duplex Secure Ltd.)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 00:12 - 2014-05-27 00:12 - 00034506 _____ () C:\Users\jules\Desktop\FRST.txt
2014-05-27 00:12 - 2014-05-27 00:12 - 00000000 ___DC () C:\FRST
2014-05-27 00:10 - 2014-05-27 00:10 - 01056256 _____ (Farbar) C:\Users\jules\Desktop\FRST.exe
2014-05-27 00:02 - 2014-05-27 00:02 - 00000632 _____ () C:\Users\jules\Desktop\defogger_disable.log
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-27 00:01 - 2014-05-27 00:01 - 00050477 _____ () C:\Users\jules\Desktop\Defogger.exe
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:54 - 2014-05-07 02:26 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:54 - 2014-05-07 02:26 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:54 - 2014-05-07 00:58 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:54 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 11:12 - 2014-05-08 10:17 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 09:03 - 2014-05-27 00:08 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-06 15:52 - 2014-05-07 22:18 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-04-29 20:37 - 2014-05-26 23:54 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-04-29 20:37 - 2014-05-26 16:08 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job

==================== One Month Modified Files and Folders =======

2014-05-27 00:12 - 2014-05-27 00:12 - 00034506 _____ () C:\Users\jules\Desktop\FRST.txt
2014-05-27 00:12 - 2014-05-27 00:12 - 00000000 ___DC () C:\FRST
2014-05-27 00:10 - 2014-05-27 00:10 - 01056256 _____ (Farbar) C:\Users\jules\Desktop\FRST.exe
2014-05-27 00:10 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 00:10 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 00:09 - 2009-01-19 22:35 - 01273820 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 00:08 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-27 00:08 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-05-27 00:08 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-05-27 00:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 00:08 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-05-27 00:07 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-05-27 00:06 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-05-27 00:06 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-27 00:05 - 2012-10-17 10:16 - 00296081 _____ () C:\Windows\AutoKMS.log
2014-05-27 00:04 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 00:04 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-05-27 00:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 00:03 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 00:02 - 2014-05-27 00:02 - 00000632 _____ () C:\Users\jules\Desktop\defogger_disable.log
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-27 00:02 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-27 00:01 - 2014-05-27 00:01 - 00050477 _____ () C:\Users\jules\Desktop\Defogger.exe
2014-05-26 23:54 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-05-26 23:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 20:07 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-05-26 17:26 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-26 16:08 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-21 15:54 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-15 14:01 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-15 14:01 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-15 14:01 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 09:38 - 2012-10-11 19:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 01:39 - 2008-11-20 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:35 - 2013-08-16 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:32 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 22:09 - 2012-09-02 11:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:09 - 2011-07-10 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 14:41 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 09:02 - 2012-05-03 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 22:35 - 2014-01-06 02:12 - 00000139 _____ () C:\Users\jules\Desktop\xxxxxxxxxxxx.txt
2014-05-11 22:02 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:54 - 2014-01-29 12:20 - 00001911 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001909 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001899 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-08 10:17 - 2014-05-07 11:12 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 22:18 - 2014-05-06 15:52 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-05-07 22:14 - 2013-10-21 16:22 - 00000000 ____D () C:\Users\jules\Desktop\Semester3
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 21:37 - 2012-10-11 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-05-07 21:36 - 2012-10-11 18:14 - 00000000 ____D () C:\Program Files\R
2014-05-07 10:40 - 2014-01-08 23:41 - 00000000 ____D () C:\Users\jules\Desktop\Ausland
2014-05-07 02:26 - 2014-05-14 22:54 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 02:26 - 2014-05-14 22:54 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-07 00:58 - 2014-05-14 22:54 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 00:47 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-27 19:07 - 2012-10-17 16:38 - 00000000 ____D () C:\Users\jules\AppData\Local\Akamai

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\jules\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\jules\AppData\Local\Temp\b5bd9f1da3f9d9694496df2ae6437ffc.dll
C:\Users\jules\AppData\Local\Temp\bwincomPokerSetup.exe
C:\Users\jules\AppData\Local\Temp\chutil.dll
C:\Users\jules\AppData\Local\Temp\DelayInst.exe
C:\Users\jules\AppData\Local\Temp\DivXSetup.exe
C:\Users\jules\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpttprd5.dll
C:\Users\jules\AppData\Local\Temp\ezGameXN.dll
C:\Users\jules\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\jules\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\jules\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\jules\AppData\Local\Temp\GameXNGO.exe
C:\Users\jules\AppData\Local\Temp\installservice.exe
C:\Users\jules\AppData\Local\Temp\MSETUP4.EXE
C:\Users\jules\AppData\Local\Temp\pPokerSetup.exe
C:\Users\jules\AppData\Local\Temp\Refresh.exe
C:\Users\jules\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\jules\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\jules\AppData\Local\Temp\SIInvoker.exe
C:\Users\jules\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jules\AppData\Local\Temp\sqlite3.dll
C:\Users\jules\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\jules\AppData\Local\Temp\W6DJP7.exe
C:\Users\jules\AppData\Local\Temp\ytb.exe
C:\Users\jules\AppData\Local\Temp\_is4C50.exe
C:\Users\jules\AppData\Local\Temp\_isCB3F.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-27 00:10

==================== End Of Log ============================
--- --- ---

--- --- ---


ADDITION-LOG
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by jules at 2014-05-27 00:13:01
Running from C:\Users\jules\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 3.1.0 - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.1111 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms (HKLM\...\Alliance of Valiant Arms) (Version:  - )
Apple Mobile Device Support (HKLM\...\{B5C3B892-0849-476C-9F46-B12F84819D57}) (Version: 3.0.0.102 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ARMA 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Ask Toolbar (HKLM\...\Ask Toolbar_is1) (Version: 4.1.0.2 - Ask.com) <==== ATTENTION
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye for A2) (Version:  - )
Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
bwin Poker (HKLM\...\bwincomPoker) (Version:  - bwincom)
bwin Poker 1.0.0 (HKLM\...\bwin Poker_is1) (Version: 1.0.0 - bwin)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7 - Activision) Hidden
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
DayZ Commander (HKLM\...\{05B1529B-C423-42AA-B981-4ECA247E9FC0}) (Version: 1.09.73 - Dotjosh Studios)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Audio Converter version 1.1 (HKLM\...\Free Audio Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download 2.4 (HKLM\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.8 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA San Andreas (HKLM\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
ICQ Toolbar (HKLM\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Logitech GamePanel Software 2.00 (HKLM\...\{948BE614-F37B-4A73-AD43-0245F23C110D}) (Version: 2.00.171 - Logitech)
Mafia 2 (HKLM\...\{A716BE0A-331D-4603-9E70-319153D1943F}_is1) (Version:  - By Hasbihal)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.2 (HKLM\...\MTA:SA 1.3) (Version: v1.3.2 - Multi Theft Auto)
MySQL Connector/ODBC 5.2(w) (HKLM\...\{410BB59D-840E-4408-8D85-D74A0F7E113B}) (Version: 5.2.2 - Oracle Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.6.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OLYMPUS ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1210c - OLYMPUS IMAGING CORP.)
OLYMPUS ib (Version: 1.1.1210c - OLYMPUS IMAGING CORP.) Hidden
OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Play withSIX (HKLM\...\{61873A7A-38DD-4973-90A9-69E4560A1DC6}) (Version: 1.00.0068 - SIX Networks)
PokerTH (HKLM\...\PokerTH 0.9.5) (Version: 0.9.5 - www.pokerth.net)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RStudio (HKLM\...\RStudio) (Version: 0.96.331 - RStudio)
Scan2PDF 1.6 (HKLM\...\Scan2PDF_is1) (Version:  - Koma-Code)
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarCraft II (HKLM\...\StarCraft II) (Version: 2.0.9.26147 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.AccessR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
USB MP3 Player WIN98 Drivers (HKLM\...\USB MP3 Player WIN98 Drivers) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
XfireXO Toolbar (HKLM\...\XfireXO Toolbar) (Version:  - )
XP-Games JRE (HKLM\...\XP-Games JRE) (Version:  - )

==================== Restore Points  =========================

09-05-2014 04:48:35 Windows Update
12-05-2014 21:39:49 Geplanter Prüfpunkt
13-05-2014 10:49:21 Windows Update
14-05-2014 23:27:32 Windows Update
18-05-2014 17:01:38 Windows Update
19-05-2014 15:32:46 Geplanter Prüfpunkt
23-05-2014 07:07:21 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1222D404-87FD-4E23-B51C-5636FE9DDB87} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42B55020-E593-4710-881E-E36B0FFE7D5D} - System32\Tasks\{23EF95EB-77C0-43F5-9288-F408955B2D31} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4B69729F-4A53-417A-949B-CCA909BA187F} - System32\Tasks\Norton Security Scan for jules => C:\Program Files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-05-17] (Symantec Corporation)
Task: {4F368E01-46D7-491A-A60B-0597FA5BBC5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {5559BF42-53DB-4104-9AE2-ECF529964DEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6D40101D-0A39-4A92-ADCA-5A61C00AB411} - System32\Tasks\{70F3F7B7-F755-4831-BEBE-3A34F629A904} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.166.217&amp;LastError=206
Task: {7B668A7C-F6B6-4ABE-A174-C203D9F4426A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - jules => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A9D99EE3-B89E-40FB-A0CA-97A856949A3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.)
Task: {BDA4A639-588E-4111-BC6C-0888177FA87B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: {D9EF614E-519B-41DE-B9B2-9558C87F27D0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2012-10-17] (Microsoft)
Task: {DEF6DB21-60B7-43ED-AEAE-EA6438708FFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: {E4C5552A-23FE-4720-A239-7F12469FF02F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for jules.job => C:\Program Files\Norton Security Scan\Engine\2.7.6.13\Nss.exe

==================== Loaded Modules (whitelisted) =============

2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2010-10-28 20:17 - 2010-11-21 11:49 - 00247608 _____ () C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2008-11-20 06:09 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-20 06:09 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-05-23 20:08 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 10:49 - 2008-04-28 10:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2009-01-19 22:42 - 2007-10-23 11:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-06-16 20:29 - 2011-03-30 17:51 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2008-11-20 05:55 - 2007-01-09 20:25 - 00272024 _____ () c:\Program Files\Cyberlink\Shared files\RichVideo.exe
2009-01-20 07:24 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2011-03-21 20:56 - 2011-03-21 20:56 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-27 00:06 - 2014-05-27 00:06 - 00043008 _____ () c:\users\jules\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpttprd5.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\jules\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-27 00:05 - 2014-05-27 00:05 - 00098816 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32api.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00110080 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\pywintypes27.dll
2014-05-27 00:05 - 2014-05-27 00:05 - 00364544 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\pythoncom27.dll
2014-05-27 00:05 - 2014-05-27 00:05 - 00045568 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_socket.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 01159680 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_ssl.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00320512 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32com.shell.shell.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00713216 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_hashlib.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 01175040 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._core_.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00805888 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._gdi_.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00811008 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._windows_.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 01062400 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._controls_.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00735232 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._misc_.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00128512 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_elementtree.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00127488 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\pyexpat.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00557056 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\pysqlite2._sqlite.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00087552 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_ctypes.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00119808 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32file.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00108544 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32security.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00018432 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32event.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00038912 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32inet.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00070656 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._html2.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00167936 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32gui.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00011264 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32crypt.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00027136 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\_multiprocessing.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00122368 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._wizard.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00010240 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\select.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00024064 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32pipe.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00686080 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\unicodedata.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00025600 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32pdh.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00525640 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\windows._lib_cacheinvalidation.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00035840 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32process.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00017408 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32profile.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00022528 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\win32ts.pyd
2014-05-27 00:05 - 2014-05-27 00:05 - 00078336 _____ () C:\Users\jules\AppData\Local\Temp\_MEI33842\wx._animate.pyd
2014-05-11 22:01 - 2014-05-11 22:02 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:DAFD38AE
AlternateDataStreams: C:\ProgramData\Temp:F3176E45
AlternateDataStreams: C:\Users\jules\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\jules\AppData\Roaming:NT
AlternateDataStreams: C:\Users\jules\Documents\dvr irc test.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 00:05:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 11:24:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 10:48:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.NOWVIDEO.SX> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.NOWVIDEO.SX> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW-CDN.JTVNW.NET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/26/2014 10:48:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW-CDN.JTVNW.NET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (05/27/2014 00:05:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/27/2014 00:05:51 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2014 00:05:51 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (05/26/2014 11:24:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/26/2014 11:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (05/26/2014 11:23:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/26/2014 11:22:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.05.2014 um 23:20:41 unerwartet heruntergefahren.

Error: (05/26/2014 10:46:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/26/2014 10:46:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (05/26/2014 10:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (05/27/2014 00:05:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 11:24:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 10:48:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM

Error: (05/26/2014 10:48:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM

Error: (05/26/2014 10:48:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.NOWVIDEO.SX

Error: (05/26/2014 10:48:37 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW.NOWVIDEO.SX

Error: (05/26/2014 10:48:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM

Error: (05/26/2014 10:48:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM

Error: (05/26/2014 10:48:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW-CDN.JTVNW.NET

Error: (05/26/2014 10:48:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JULES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#WWW-CDN.JTVNW.NET


CodeIntegrity Errors:
===================================
  Date: 2014-01-23 11:54:38.291
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:37.910
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:37.549
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:37.189
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:36.786
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:36.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:35.957
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:35.581
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:35.184
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-23 11:54:34.789
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3065.93 MB
Available physical RAM: 1536.95 MB
Total Pagefile: 6338.11 MB
Available Pagefile: 4486.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:24.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:4.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 841F2730)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
Schritt 3: GMER



Über eure Hilfe und die Beratung würde ich mich sehr freuen.
Beste Grüße

GMER-LOG
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-27 00:48:36
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\jules\AppData\Local\Temp\fwdoypow.sys


---- Kernel code sections - GMER 2.1 ----

.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                section is writeable [0xA3871300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                section is writeable [0xA3944300, 0x1BEE, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                     
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 27.05.2014 06:56
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dirknash 27.05.2014 12:08
Hallo, vielen Dank für deine Antwort. Zu Schritt 1: habe die zwei mit Attention bezeichneten Programme gelöscht. "Reste löschen" und die Buttons habe ich nicht gefunden und nicht durchgeführt.

Hier der Combofix-Log
Code:
ComboFix 14-05-27.02 - jules 27.05.2014  9:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1593 [GMT 2:00]
ausgeführt von:: c:\users\jules\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jules\AppData\Local\Temp\_MEI15522\_ctypes.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\_elementtree.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\_hashlib.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\_multiprocessing.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\_socket.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\_ssl.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\pyexpat.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\pysqlite2._sqlite.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\python27.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\pythoncom27.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\PyWinTypes27.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\select.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\unicodedata.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32api.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32com.shell.shell.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32crypt.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32event.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32file.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32gui.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32inet.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32pdh.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32pipe.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32process.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32profile.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32security.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\win32ts.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\windows._lib_cacheinvalidation.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._animate.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._controls_.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._core_.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._gdi_.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._html2.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._misc_.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._windows_.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wx._wizard.pyd
c:\users\jules\AppData\Local\Temp\_MEI15522\wxbase294u_net_vc90.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\wxbase294u_vc90.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\wxmsw294u_adv_vc90.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\wxmsw294u_core_vc90.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\wxmsw294u_html_vc90.dll
c:\users\jules\AppData\Local\Temp\_MEI15522\wxmsw294u_webview_vc90.dll
c:\users\jules\AppData\Roaming\.#
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-27 bis 2014-05-27  ))))))))))))))))))))))))))))))
.
.
2014-05-27 07:21 . 2014-05-27 07:21        --------        d-----w-        c:\program files\VS Revo Group
2014-05-26 22:12 . 2014-05-26 22:14        --------        dc----w-        C:\FRST
2014-05-26 21:00 . 2014-05-26 21:00        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{30DE796E-37B0-4D3B-B2E8-FAFF2326E425}\offreg.dll
2014-05-23 07:09 . 2014-04-30 23:37        8073384        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{30DE796E-37B0-4D3B-B2E8-FAFF2326E425}\mpengine.dll
2014-05-14 20:54 . 2014-05-06 22:58        1383424        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21        188272        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 07:03 . 2014-05-27 07:19        --------        d-----w-        c:\users\jules\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 20:09 . 2012-09-02 09:54        692400        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-05-13 20:09 . 2011-07-10 18:28        70832        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-15 00:34 . 2014-04-15 00:34        1070232        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2012-05-02 23:35        231584        ------w-        c:\windows\system32\MpSigStub.exe
2014-02-27 17:24 . 2014-04-13 17:13        834048        ----a-w-        c:\windows\system32\wininet.dll
2014-02-27 17:23 . 2014-04-13 17:13        53760        ----a-w-        c:\windows\apppatch\iebrshim.dll
2014-02-27 17:23 . 2014-04-13 17:13        19456        ----a-w-        c:\windows\system32\corpol.dll
2014-02-27 16:01 . 2014-04-13 17:13        389632        ----a-w-        c:\windows\system32\html.iec
2010-08-13 00:04 . 2014-05-11 20:01        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\steam.exe" [2014-05-21 1775808]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2009-12-10 93376]
"Akamai NetSession Interface"="c:\users\jules\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"Skytel"="Skytel.exe" [2008-09-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-12-12 186408]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-10-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 13:53        1091912        ----a-w-        c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 20:09]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:41]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:41]
.
2014-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
- c:\users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-29 14:42]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
- c:\users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-29 14:42]
.
2014-05-26 c:\windows\Tasks\Norton Security Scan for jules.job
- c:\program files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-05-17 11:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 80.69.103.78 80.69.102.158
FF - ProfilePath - c:\users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\XfireXO\tbXfi1.dll
BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\XfireXO\tbXfi1.dll
Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\XfireXO\tbXfi1.dll
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - c:\program files\XfireXO\tbXfi1.dll
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BattlEye for A2 - c:\program files\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-Free Audio Converter_is1 - c:\program files\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-XfireXO Toolbar - c:\progra~1\XfireXO\UNWISE.EXE
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-27  10:17:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-27 08:16
.
Vor Suchlauf: 15 Verzeichnis(se), 25.227.579.392 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 32.270.200.832 Bytes frei
.
- - End Of File - - 98A2C9F5218AF7C2D011B1F07B2A8E88
BB9D3A6A13C5010348DA7C900BB6AF50

schrauber 28.05.2014 10:49
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Dirknash 28.05.2014 15:45
MBAM.TXT
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.05.2014
Suchlauf-Zeit: 15:58:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.28.05
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: jules

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286943
Verstrichene Zeit: 9 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 2
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}, In Quarantäne, [efd684d2b9c2350123dddc8c24dec937],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}, In Quarantäne, [efd684d2b9c2350123dddc8c24dec937],

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
PUP.Optional.Conduit.A, C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\conduit.xml, In Quarantäne, [ccf94b0bd8a32e08c4f6c4d9cd3557a9],
PUP.Optional.Conduit.A, C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");), Ersetzt,[eadbf16592e9a0962aaac5c2966e8b75]
PUP.Optional.Conduit.A, C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");), Ersetzt,[b1147dd97cff1d196e675b2ca064639d]
PUP.Optional.Conduit.A, C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=");), Ersetzt,[3b8a1d397ffcc472f5e0840307fdb24e]

Physische Sektoren: 0
(No malicious items detected)


(end)
ADWCLEANER

Code:
# AdwCleaner v3.211 - Bericht erstellt am 28/05/2014 um 16:16:10
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : jules - JULES-PC
# Gestartet von : C:\Users\jules\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\jules\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\jules\AppData\LocalLow\xfirexo
Ordner Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\Conduit
Ordner Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\ConduitEngine
Ordner Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\ICQToolbarData
Ordner Gelöscht : C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-11.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\icqplugin-9.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{53CCF7BF-3AFB-4CB6-95C1-ECB77D9A8EEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761DB444-09E6-49E3-8141-E9CD25828573}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761DB444-09E6-49E3-8141-E9CD25828573}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\XfireXO
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\XfireXO Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "14-4-2010");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Apr 14 2010 22:53:40 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "14-4-2010");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Wed Apr 14 2010 22:53:38 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Apr 14 2010 22:53:40 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Wed Apr 14 2010 22:53:39 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.LoginCache", 4);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Wed Apr 14 2010 22:53:39 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/");
Zeile gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Apr 14 2010 22:53:39 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Wed Apr 14 2010 22:53:34 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1271255997");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Apr 14 2010 22:53:34 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1271255997");
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2269050.UserID", "UN96839706514171735");
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Apr 14 2010 22:53:40 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Zeile gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2304157.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2304157.CTID", "CT2304157");
Zeile gelöscht : user_pref("CT2304157.CurrentServerDate", "22-3-2010");
Zeile gelöscht : user_pref("CT2304157.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2304157.FeedLastCount129078895246717929", 20);
Zeile gelöscht : user_pref("CT2304157.FeedLastCount129095439763593837", 20);
Zeile gelöscht : user_pref("CT2304157.FeedPollDate129078895250311712", "Mon Mar 22 2010 21:20:44 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.FeedPollDate129095439763593837", "Mon Mar 22 2010 21:20:44 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.FeedTTL129078895250311712", 40);
Zeile gelöscht : user_pref("CT2304157.FirstServerDate", "22-3-2010");
Zeile gelöscht : user_pref("CT2304157.FirstTime", true);
Zeile gelöscht : user_pref("CT2304157.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2304157.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2304157.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2304157.Initialize", true);
Zeile gelöscht : user_pref("CT2304157.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2304157.InstalledDate", "Mon Mar 22 2010 21:20:45 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.IsGrouping", false);
Zeile gelöscht : user_pref("CT2304157.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2304157.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2304157.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2304157.LanguagePackLastCheckTime", "Mon Mar 22 2010 21:20:45 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2304157.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2304157.LastLogin_2.5.8.6", "Mon Mar 22 2010 21:20:51 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2304157.Locale", "en");
Zeile gelöscht : user_pref("CT2304157.LoginCache", 4);
Zeile gelöscht : user_pref("CT2304157.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2304157.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2304157.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2304157.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2304157.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2304157&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2304157.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=");
Zeile gelöscht : user_pref("CT2304157.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2304157.SearchInNewTabLastCheckTime", "Mon Mar 22 2010 21:20:51 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2304157.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2304157.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2304157.SettingsLastCheckTime", "Mon Mar 22 2010 21:20:42 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.SettingsLastUpdate", "1269028500");
Zeile gelöscht : user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Mon Mar 22 2010 21:20:42 GMT+0100");
Zeile gelöscht : user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1269028500");
Zeile gelöscht : user_pref("CT2304157.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2304157.UserID", "UN85896602348596514");
Zeile gelöscht : user_pref("CT2304157.ValidationData_Toolbar", 0);
Zeile gelöscht : user_pref("CT2304157.alertChannelId", "700614");
Zeile gelöscht : user_pref("CT2304157.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2304157.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2304157.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2304157.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2304157.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2304157.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2304157.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2304157,CT2269050,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2304157,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 30 2011 22:05:41 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 19 2011 22:17:22 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 23:07:19 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "b421264a-60e2-4aea-b7dc-22717649e56e");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Apr 14 2010 22:53:39 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Mon Mar 22 2010 21:20:44 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed May 25 2011 13:54:16 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 19 2011 03:41:00 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/08/2011 15");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Sun May 08 2011 14:28:02 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 21 2011 23:07:20 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 21 2011 20:29:09 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 21 2011 20:29:09 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN18964841195246358");
Zeile gelöscht : user_pref("ConduitEngine.approveUntrustedApps", true);
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 21 2011 23:07:20 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 21 2011 20:29:09 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.isDetectionEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.usageEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Zeile gelöscht : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1318190408);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "us%20data%20toolbar%20yahoo%20epa||google||gauweiler||Ring%20of%20death%20reparieren%20xbox||innere%20organe%20bauch||innere%20organe%20bauch%20mann||severus%20snape||[...]
Zeile gelöscht : user_pref("icqtoolbar.hpChange", true);
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1317160002");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "0");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "128820948912882092891288290177580");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1318538977);
Zeile gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.3.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=13166&l=dis");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=645eb223-f9c2-11e0-b59a-001d72ee86ae&q={searchTerms}
Gelöscht [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj

*************************

AdwCleaner[R0].txt - [28221 octets] - [28/05/2014 16:14:35]
AdwCleaner[S0].txt - [27894 octets] - [28/05/2014 16:16:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27955 octets] ##########
JRT.TXT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by jules on 28.05.2014 at 16:33:56,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\jules\AppData\Roaming\mozilla\firefox\profiles\l92ad71y.default\minidumps [153 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2014 at 16:38:05,10
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.TXT

Code:
can result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by jules (administrator) on JULES-PC on 28-05-2014 16:42:03
Running from C:\Users\jules\Desktop\LogTrojanerBoard
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (No Name) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2011-11-30]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-29]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-03-30] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 16:38 - 2014-05-28 16:38 - 00001153 _____ () C:\Users\jules\Desktop\JRT.txt
2014-05-28 16:28 - 2014-05-28 16:28 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-05-28 16:28 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:22 - 2014-05-28 16:22 - 00028036 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-05-28 16:14 - 2014-05-28 16:16 - 00000000 ___DC () C:\AdwCleaner
2014-05-28 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 16:13 - 2014-05-28 16:13 - 01327971 _____ () C:\Users\jules\Desktop\adwcleaner_3.211.exe
2014-05-28 16:12 - 2014-05-28 16:12 - 00002496 _____ () C:\Users\jules\Desktop\mbam.txt
2014-05-28 15:56 - 2014-05-28 16:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 15:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 15:55 - 2014-05-28 15:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jules\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-27 14:11 - 2014-05-28 16:42 - 00000000 ____D () C:\Users\jules\Desktop\LogTrojanerBoard
2014-05-27 10:17 - 2014-05-27 10:17 - 00016771 ____C () C:\ComboFix.txt
2014-05-27 09:49 - 2014-05-27 10:17 - 00000000 ___DC () C:\ComboFix
2014-05-27 09:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-27 09:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-27 09:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 09:48 - 2014-05-27 10:17 - 00000000 ___DC () C:\Qoobox
2014-05-27 09:48 - 2014-05-27 10:14 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 09:30 - 2014-05-27 09:30 - 00000000 _____ () C:\Users\jules\Desktop\ANTWORT.txt
2014-05-27 09:26 - 2014-05-27 09:26 - 05203612 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 00:12 - 2014-05-28 16:42 - 00000000 ___DC () C:\FRST
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:54 - 2014-05-07 02:26 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:54 - 2014-05-07 02:26 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:54 - 2014-05-07 00:58 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:54 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 11:12 - 2014-05-08 10:17 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 09:03 - 2014-05-28 16:35 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-06 15:52 - 2014-05-07 22:18 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-04-29 20:37 - 2014-05-28 15:54 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-04-29 20:37 - 2014-05-28 15:54 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job

==================== One Month Modified Files and Folders =======

2014-05-28 16:42 - 2014-05-27 14:11 - 00000000 ____D () C:\Users\jules\Desktop\LogTrojanerBoard
2014-05-28 16:42 - 2014-05-27 00:12 - 00000000 ___DC () C:\FRST
2014-05-28 16:38 - 2014-05-28 16:38 - 00001153 _____ () C:\Users\jules\Desktop\JRT.txt
2014-05-28 16:38 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-05-28 16:35 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-28 16:35 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-05-28 16:35 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-05-28 16:35 - 2012-10-17 10:16 - 00299617 _____ () C:\Windows\AutoKMS.log
2014-05-28 16:35 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-05-28 16:35 - 2009-01-19 22:35 - 01334806 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 16:34 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-05-28 16:32 - 2014-05-28 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 16:30 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 16:30 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-05-28 16:30 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 16:30 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:30 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:29 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 16:28 - 2014-05-28 16:28 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-05-28 16:28 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:22 - 2014-05-28 16:22 - 00028036 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-05-28 16:18 - 2008-01-21 04:47 - 03423216 _____ () C:\Windows\PFRO.log
2014-05-28 16:16 - 2014-05-28 16:14 - 00000000 ___DC () C:\AdwCleaner
2014-05-28 16:16 - 2009-06-24 20:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 16:13 - 2014-05-28 16:13 - 01327971 _____ () C:\Users\jules\Desktop\adwcleaner_3.211.exe
2014-05-28 16:12 - 2014-05-28 16:12 - 00002496 _____ () C:\Users\jules\Desktop\mbam.txt
2014-05-28 16:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2013-05-13 21:35 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 15:56 - 2012-05-03 15:36 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Malwarebytes
2014-05-28 15:56 - 2012-05-03 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 15:55 - 2014-05-28 15:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jules\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 15:54 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-05-28 15:54 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-05-28 15:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 21:00 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-27 10:17 - 2014-05-27 10:17 - 00016771 ____C () C:\ComboFix.txt
2014-05-27 10:17 - 2014-05-27 09:49 - 00000000 ___DC () C:\ComboFix
2014-05-27 10:17 - 2014-05-27 09:48 - 00000000 ___DC () C:\Qoobox
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-27 10:14 - 2014-05-27 09:48 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 10:08 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-05-27 09:30 - 2014-05-27 09:30 - 00000000 _____ () C:\Users\jules\Desktop\ANTWORT.txt
2014-05-27 09:26 - 2014-05-27 09:26 - 05203612 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 09:17 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-27 00:02 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 20:07 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-21 15:54 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 14:01 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-15 14:01 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-15 14:01 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-15 14:01 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 09:38 - 2012-10-11 19:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 01:39 - 2008-11-20 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:35 - 2013-08-16 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:32 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 22:09 - 2012-09-02 11:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:09 - 2011-07-10 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 14:41 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 09:02 - 2012-05-03 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-28 15:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 15:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-05-03 15:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 22:35 - 2014-01-06 02:12 - 00000139 _____ () C:\Users\jules\Desktop\xxxxxxxxxxxx.txt
2014-05-11 22:02 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:54 - 2014-01-29 12:20 - 00001911 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001909 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001899 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-08 10:17 - 2014-05-07 11:12 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 22:18 - 2014-05-06 15:52 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-05-07 22:14 - 2013-10-21 16:22 - 00000000 ____D () C:\Users\jules\Desktop\Semester3
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 21:37 - 2012-10-11 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-05-07 21:36 - 2012-10-11 18:14 - 00000000 ____D () C:\Program Files\R
2014-05-07 10:40 - 2014-01-08 23:41 - 00000000 ____D () C:\Users\jules\Desktop\Ausland
2014-05-07 02:26 - 2014-05-14 22:54 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 02:26 - 2014-05-14 22:54 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-07 00:58 - 2014-05-14 22:54 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 00:47 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfqpci1.dll
C:\Users\jules\AppData\Local\temp\Quarantine.exe
C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 16:38

==================== End Of Log ============================
Viele Grüße

schrauber 29.05.2014 14:03

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Dirknash 30.05.2014 11:31
Hi, ESET hatte irgendwas von wg. Trojaner erkannt :killpc:

ESET-LOG

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=95fc1a4b78b03748a30e8e2f29fa0f37
# engine=18459
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 04:06:49
# local_time=2014-05-29 06:06:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 241600 238912337 0 0
# scanned=279233
# found=9
# cleaned=0
# scan_time=9464
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=052529D1B57123707DE6304CA2A2E8832E80A1F1 ft=1 fh=487ceb503c81f5f9 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=F5558D33A5DD8FCAB61F344533F3F65D5CD0837B ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2010-4452.H Trojaner" ac=I fn="C:\Users\jules\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\474b614f-2e81538c"
sh=07BB1098F396F3480833058F4F239FDD22C40B9D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\jules\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-1c9385ea"
sh=C367B50CB872A96316F167DD55B5627E78C97AC0 ft=1 fh=8a8ff7b623857879 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jules\Desktop\Downloads\FreeYouTubeDownload.exe"
sh=08C151559835CDAB069358F372B3831CE0E1715C ft=1 fh=8a8ff7b6cc3c47ac vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jules\Desktop\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=FAA14E2370421961A27460898197906EFFE1C9DF ft=1 fh=03032ff1abb9982e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jules\Desktop\Downloads\FreeYouTubeToMp3Converter(3).exe"
sh=AAECCD22EB069876E1327A866806FCBAB8095A03 ft=1 fh=398a74cde4667e3b vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jules\Desktop\Downloads\FreeYouTubeToMp3Converter68.exe"
sh=5DE4084222A4AF0D57FF89E0A8F32D7654EEA9F5 ft=1 fh=20b3f2bda540ff2c vn="Win32/TopMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\jules\Desktop\Downloads\vshare-plugin.exe"
sec-check

Code:
Results of screen317's Security Check version 0.99.83 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 22 
 Java version out of Date!
 Adobe Flash Player        13.0.0.214 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.137 
 Google Chrome 35.0.1916.114 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by jules (administrator) on JULES-PC on 29-05-2014 18:20:26
Running from C:\Users\jules\Desktop\LogTrojanerBoard
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (No Name) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2011-11-30]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-29]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-03-30] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 18:15 - 2014-05-29 18:15 - 00854367 _____ () C:\Users\jules\Desktop\SecurityCheck.exe
2014-05-29 15:24 - 2014-05-29 18:14 - 00000000 ____D () C:\Program Files\ESET
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 16:28 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:14 - 2014-05-28 16:16 - 00000000 ___DC () C:\AdwCleaner
2014-05-28 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 15:56 - 2014-05-29 14:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 15:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 14:11 - 2014-05-29 18:20 - 00000000 ____D () C:\Users\jules\Desktop\LogTrojanerBoard
2014-05-27 10:17 - 2014-05-27 10:17 - 00016771 ____C () C:\ComboFix.txt
2014-05-27 09:49 - 2014-05-27 10:17 - 00000000 ___DC () C:\ComboFix
2014-05-27 09:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-27 09:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-27 09:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-27 09:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 09:48 - 2014-05-27 10:17 - 00000000 ___DC () C:\Qoobox
2014-05-27 09:48 - 2014-05-27 10:14 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 09:30 - 2014-05-27 09:30 - 00000000 _____ () C:\Users\jules\Desktop\ANTWORT.txt
2014-05-27 09:26 - 2014-05-27 09:26 - 05203612 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 00:12 - 2014-05-29 18:20 - 00000000 ___DC () C:\FRST
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:54 - 2014-05-07 02:26 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:54 - 2014-05-07 02:26 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:54 - 2014-05-07 00:58 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:54 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 11:12 - 2014-05-08 10:17 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 09:03 - 2014-05-29 09:37 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-06 15:52 - 2014-05-07 22:18 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-04-29 20:37 - 2014-05-29 17:54 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-04-29 20:37 - 2014-05-29 15:54 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job

==================== One Month Modified Files and Folders =======

2014-05-29 18:21 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-05-29 18:20 - 2014-05-27 14:11 - 00000000 ____D () C:\Users\jules\Desktop\LogTrojanerBoard
2014-05-29 18:20 - 2014-05-27 00:12 - 00000000 ___DC () C:\FRST
2014-05-29 18:15 - 2014-05-29 18:15 - 00854367 _____ () C:\Users\jules\Desktop\SecurityCheck.exe
2014-05-29 18:14 - 2014-05-29 15:24 - 00000000 ____D () C:\Program Files\ESET
2014-05-29 18:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 17:54 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-05-29 17:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 17:32 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:32 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 15:54 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-05-29 15:53 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 15:35 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-05-29 14:31 - 2014-05-28 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 09:46 - 2009-01-19 22:35 - 01350819 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:38 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-29 09:37 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-05-29 09:37 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-05-29 09:37 - 2012-10-17 10:16 - 00300041 _____ () C:\Windows\AutoKMS.log
2014-05-29 09:37 - 2009-12-05 17:30 - 00000000 ___RD () C:\Program Files\Skype
2014-05-29 09:37 - 2009-10-08 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-05-29 09:36 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-05-29 09:32 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-05-29 09:32 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 01:01 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 21:02 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-28 21:02 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-28 21:02 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-28 20:07 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-05-28 18:00 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-28 16:52 - 2014-03-24 01:18 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-28 16:28 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:18 - 2008-01-21 04:47 - 03423216 _____ () C:\Windows\PFRO.log
2014-05-28 16:16 - 2014-05-28 16:14 - 00000000 ___DC () C:\AdwCleaner
2014-05-28 16:16 - 2010-10-28 20:17 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-28 16:16 - 2009-06-24 20:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 15:56 - 2013-05-13 21:35 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 15:56 - 2012-05-03 15:36 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Malwarebytes
2014-05-28 15:56 - 2012-05-03 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 10:17 - 2014-05-27 10:17 - 00016771 ____C () C:\ComboFix.txt
2014-05-27 10:17 - 2014-05-27 09:49 - 00000000 ___DC () C:\ComboFix
2014-05-27 10:17 - 2014-05-27 09:48 - 00000000 ___DC () C:\Qoobox
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-27 10:14 - 2014-05-27 09:48 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 10:08 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-05-27 09:30 - 2014-05-27 09:30 - 00000000 _____ () C:\Users\jules\Desktop\ANTWORT.txt
2014-05-27 09:26 - 2014-05-27 09:26 - 05203612 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 09:17 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-27 00:02 - 2014-05-27 00:02 - 00000020 _____ () C:\Users\jules\defogger_reenable
2014-05-27 00:02 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-21 15:54 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 09:38 - 2012-10-11 19:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 01:39 - 2008-11-20 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:35 - 2013-08-16 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:32 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 22:09 - 2012-09-02 11:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:09 - 2011-07-10 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 14:41 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 09:02 - 2012-05-03 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-28 15:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 15:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-05-03 15:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 22:35 - 2014-01-06 02:12 - 00000139 _____ () C:\Users\jules\Desktop\xxxxxxxxxxxx.txt
2014-05-11 22:02 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:54 - 2014-01-29 12:20 - 00001911 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001909 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001899 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-08 10:17 - 2014-05-07 11:12 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-05-07 22:18 - 2014-05-06 15:52 - 00000000 ____D () C:\Users\jules\Desktop\KurseInWarsaw
2014-05-07 22:14 - 2013-10-21 16:22 - 00000000 ____D () C:\Users\jules\Desktop\Semester3
2014-05-07 21:37 - 2014-05-07 21:37 - 00001006 _____ () C:\Users\Public\Desktop\R i386 3.1.0.lnk
2014-05-07 21:37 - 2012-10-11 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-05-07 21:36 - 2012-10-11 18:14 - 00000000 ____D () C:\Program Files\R
2014-05-07 10:40 - 2014-01-08 23:41 - 00000000 ____D () C:\Users\jules\Desktop\Ausland
2014-05-07 02:26 - 2014-05-14 22:54 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 02:26 - 2014-05-14 22:54 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-07 00:58 - 2014-05-14 22:54 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 00:47 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpytdbub.dll
C:\Users\jules\AppData\Local\temp\Quarantine.exe
C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 09:48

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



Also mein Browser ist wieder schneller. Dafür bin ich dir schonmal sehr dankbar. Haben wir die infizierten Dateien auch jetzt gelöscht?
PS: Adobe hab ich gerade neu runtergeladen - da stand es ist schon alles installiert. Auch wenn ich das Programm starte und ihm sage nach Updates suchen sagt er: Keine Updates verfügbar. Scheint irgendwie einen unterschied zw. Englisch 10.1.4 und 10.1.1 (deutsch) zu geben. warum er mir adobe reader 9 anzeigt weiß ich nicht. Internet Explorer benutze ich nie. Ist Java so unsicher, sollte ich das lieber deinstallieren oder wofür braucht man das?

Bin bis Sonntag nicht am Laptop.

schrauber 31.05.2014 10:31
Java updaten. Wenn Du kein Java brauchst kannste es auch weglassen. Du wirst dann schon merken wenn es fehlt :).
Die ESET-Funde in den Downloads von Hand löschen.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Dirknash 01.06.2014 19:36
Hallo, besten Dank für deine Hilfe und die Tipps.

Mir ist beim deinstallieren von Combofix ein Misgeschick passiert: hatte beim umbenennen einen Tippfehler und so ließ ich Combofix nochmal laufen. Hoffe das macht nichts.

Ansonsten alles wie beschrieben ausgeführt.

Nochmals vielen Dank, eine kleine Spende folgt!

schrauber 02.06.2014 18:32
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131