Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win32/Zbot.gen!AJ kann nicht gelöscht werden (https://www.trojaner-board.de/137428-win32-zbot-gen-aj-geloescht.html)

Eyeem 29.06.2013 21:13
Win32/Zbot.gen!AJ kann nicht gelöscht werden
 
Seit heute hat Microsoft Security Essentials folgenden Trojaner gefunden:
Win32/Zbot.gen!AJ
Nach Aufforderung eines Neustarts war der Trojaner leider immer noch im System.
Habe es auch mit Malware Bytes probiert leider ebenfalls ohne Erfolg.
Falls mir jemand helfen kann - nur vorab zur Info, ich bin KEIN PC Freak...:headbang:

schrauber 29.06.2013 21:16
Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Eyeem 29.06.2013 21:32
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Thomas (administrator) on 29-06-2013 22:30:28
Running from F:\Eigene Dateien\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Huawei Technologies Co., Ltd.) C:\Users\Thomas\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Huawei Technologies Co., Ltd.) D:\T-Mobile Internet Manager\DataCardMonitor.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"  -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat" [729088 2013-06-29] ()
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "D:\T-Mobile Internet Manager\UpdateDog\ouc.exe" [x]
HKCU\...\Run: [Koyseko] C:\Users\Thomas\AppData\Roaming\Hylu\zyuxn.exe [641536 2011-08-16] ()
MountPoints2: {7cb2fc6c-8148-11e0-abe7-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
MountPoints2: {8fc291f5-9a00-11e1-830f-f46d0496b6c6} - H:\windows\Data\setup.exe
MountPoints2: {a8150583-ac91-11e0-bd10-f46d0496b6c6} - I:\Data\setup.exe
MountPoints2: {cab3fd04-8176-11e0-8684-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
MountPoints2: {ed8bf801-ff5d-11e1-8630-b86471a06979} - H:\setup.exe AUTORUN=1
MountPoints2: {fefc53e2-ffe0-11e1-9f64-f46d0496b6c6} - H:\AutoRun.exe
MountPoints2: {fefc53ee-ffe0-11e1-9f64-f46d0496b6c6} - H:\AutoRun.exe
MountPoints2: {fefc540e-ffe0-11e1-9f64-f46d0496b6c6} - H:\AutoRun.exe
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [DataCardMonitor] D:\T-Mobile Internet Manager\DataCardMonitor.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" [x]
AppInit_DLLs:    [0 ] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default
FF user.js: detected! => C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\user.js
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - D:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\Extensions\ich@maltegoetz.de
FF Extension: youtubeunblocker - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\Extensions\youtubeunblocker@unblocker.yt.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] D:\Congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.51</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0.0.0</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>hxxp://www.hp.com/go/smartwebprinting</em:homepageURL>
   
    <em:aboutURL>chrome://hpsmartwebprinting/content/about.xul</em:aboutURL>
    <em:iconURL>chrome://hpsmartwebprinting/skin/toolbar-icon-normal-24.png</em:iconURL>
    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.51</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0.0.0</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>hxxp://www.hp.com/go/smartwebprinting</em:homepageURL>
   
    <em:aboutURL>chrome://hpsmartwebprinting/content/about.xul</em:aboutURL>
    <em:iconURL>chrome://hpsmartwebprinting/skin/toolbar-icon-normal-24.png</em:iconURL>
    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (phonostar Detector) - D:\Phonostar-Player\npphonostarDetectNP.dll No File
CHR Plugin: (Uplay PC) - D:\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (iTunes Application Detector) - D:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-28] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware)
S2 SystemStoreService; C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe [9012224 2012-10-22] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 AIDA64Driver; \??\H:\Install\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [x]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [x]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 22:30 - 2013-06-29 22:30 - 00000000 ____D C:\FRST
2013-06-29 22:28 - 2013-06-29 22:28 - 00000346 ____A C:\Windows\PFRO.log
2013-06-29 22:28 - 2013-06-29 22:28 - 00000056 ____A C:\Windows\setupact.log
2013-06-29 22:28 - 2013-06-29 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 22:02 - 2013-06-29 22:02 - 00008194 ____A C:\AdwCleaner[R1].txt
2013-06-29 17:45 - 2013-06-29 19:37 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____A C:\autoexec.bat
2013-06-27 20:37 - 2013-06-29 22:28 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Owliqo
2013-06-27 20:37 - 2013-06-29 22:28 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Hylu
2013-06-27 20:37 - 2013-06-27 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Naib
2013-06-16 20:50 - 2013-06-16 20:52 - 00000000 ____D C:\Users\Thomas\AppData\Local\Paint.NET
2013-06-16 20:50 - 2013-06-16 20:50 - 00000940 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-12 14:18 - 2013-06-12 14:18 - 00000065 ____A C:\Windows\wininit.ini
2013-06-12 13:22 - 2013-06-12 13:22 - 00000627 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-12 13:16 - 2013-06-12 13:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-12 10:22 - 2013-05-17 08:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 10:22 - 2013-05-17 08:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 10:22 - 2013-05-17 08:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 10:22 - 2013-05-16 19:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 10:22 - 2013-05-16 18:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 10:22 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 10:22 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 10:22 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 10:22 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 10:22 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 10:22 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 10:22 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 10:22 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 10:22 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 10:22 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-10 15:26 - 2013-06-12 13:24 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Puaw
2013-06-10 15:26 - 2013-06-11 11:39 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Onomry
2013-06-10 15:26 - 2013-06-10 15:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Ylra
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iTunes
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iPod
2013-06-04 08:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-04 08:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-04 08:44 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-04 08:44 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-04 08:44 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-04 08:44 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-04 08:44 - 2013-01-13 22:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-04 08:44 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-04 08:44 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-04 08:44 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-04 08:44 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-04 08:44 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-04 08:44 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-04 08:44 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-04 08:44 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-04 08:44 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-04 08:44 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-04 08:44 - 2013-01-13 21:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-04 08:44 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-04 08:44 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-04 08:44 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-04 08:44 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-04 08:44 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-04 08:44 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-04 08:44 - 2013-01-13 21:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-04 08:44 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-04 08:44 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-04 08:44 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-04 08:44 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-04 08:44 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-04 08:44 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-04 08:44 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-04 08:44 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-04 08:44 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

==================== One Month Modified Files and Folders =======

2013-06-29 22:30 - 2013-06-29 22:30 - 00000000 ____D C:\FRST
2013-06-29 22:30 - 2012-08-01 16:31 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 22:28 - 2013-06-29 22:28 - 00000346 ____A C:\Windows\PFRO.log
2013-06-29 22:28 - 2013-06-29 22:28 - 00000056 ____A C:\Windows\setupact.log
2013-06-29 22:28 - 2013-06-29 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 22:28 - 2013-06-27 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Owliqo
2013-06-29 22:28 - 2013-06-27 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Hylu
2013-06-29 22:28 - 2013-03-23 22:45 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-29 22:28 - 2011-05-18 16:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-29 22:28 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 22:17 - 2013-05-03 12:09 - 01891843 ____A C:\Windows\WindowsUpdate.log
2013-06-29 22:16 - 2011-05-21 18:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Xfire
2013-06-29 22:02 - 2013-06-29 22:02 - 00008194 ____A C:\AdwCleaner[R1].txt
2013-06-29 21:55 - 2013-03-23 22:45 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-29 20:33 - 2009-07-14 06:45 - 00016016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 20:33 - 2009-07-14 06:45 - 00016016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 20:31 - 2009-07-14 19:58 - 50178384 ____A C:\Windows\System32\perfh007.dat
2013-06-29 20:31 - 2009-07-14 19:58 - 15866070 ____A C:\Windows\System32\perfc007.dat
2013-06-29 20:31 - 2009-07-14 07:13 - 00006502 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-29 19:37 - 2013-06-29 17:45 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____A C:\autoexec.bat
2013-06-27 20:37 - 2013-06-27 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Naib
2013-06-27 20:24 - 2011-05-21 18:12 - 00000000 ____D C:\ProgramData\Xfire
2013-06-22 14:14 - 2011-06-19 21:49 - 00000000 ____D C:\Users\Thomas\Documents\Turbo Lister Backup
2013-06-21 16:19 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 20:52 - 2013-06-16 20:50 - 00000000 ____D C:\Users\Thomas\AppData\Local\Paint.NET
2013-06-16 20:50 - 2013-06-16 20:50 - 00000940 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-13 18:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:14 - 2011-05-18 13:55 - 00000000 ____D C:\users\Thomas
2013-06-13 09:13 - 2011-06-17 21:11 - 00000000 ____D C:\Users\Thomas\Documents\FFOutput
2013-06-13 09:05 - 2012-08-01 20:01 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-06-13 09:04 - 2011-05-22 11:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2013-06-13 08:58 - 2011-05-20 14:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:56 - 2011-05-18 14:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:16 - 2011-06-22 16:23 - 00000000 ____D C:\Windows\Minidump
2013-06-12 14:18 - 2013-06-12 14:18 - 00000065 ____A C:\Windows\wininit.ini
2013-06-12 13:24 - 2013-06-10 15:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Puaw
2013-06-12 13:22 - 2013-06-12 13:22 - 00000627 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-12 13:19 - 2013-06-12 13:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-12 10:30 - 2012-04-04 16:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:30 - 2011-05-18 15:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 11:39 - 2013-06-10 15:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Onomry
2013-06-10 15:26 - 2013-06-10 15:26 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Ylra
2013-06-08 21:08 - 2011-09-05 20:18 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Origin
2013-06-08 21:08 - 2011-09-05 20:18 - 00000000 ____D C:\ProgramData\Origin
2013-06-08 21:07 - 2011-09-05 20:18 - 00000000 ____D C:\Users\Thomas\AppData\Local\Origin
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iTunes
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iPod
2013-06-05 10:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-05 10:51 - 2009-07-14 06:45 - 00422488 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 17:12

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01
Ran by Thomas at 2013-06-29 22:30:51
Running from F:\Eigene Dateien\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.0.626)
AI Suite II (x32 Version: 1.01.14)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000)
AIO_CDA_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.365.000)
Amazon MP3-Downloader 1.0.9 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
aTube Catcher (x32 Version: 2.9.1341)
Avidemux 2.5 (32-bit) (x32 Version: 2.5.4.7200)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.3)
Bonjour (Version: 3.0.0.10)
Borderlands 2 (x32)
Browser Configuration Utility (x32 Version: 1.0.10.0)
BufferChm (x32 Version: 130.0.331.000)
C5100 (x32 Version: 130.0.365.000)
c5100_Help (x32 Version: 82.0.256.000)
Call of Duty: Black Ops - Multiplayer (x32)
Call of Duty: Black Ops (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
CCleaner (Version: 3.07)
CDBurnerXP (Version: 4.3.8.2631)
CDBurnerXP (x32 Version: 4.4.0.2838)
Copy (x32 Version: 130.0.428.000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dead Island (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 130.0.465.000)
DH Driver Cleaner Professional Edition (x32 Version: Version 1.5)
DHTML Editing Component (x32 Version: 6.02.0001)
Dishonored (x32 Version: 1.0)
DocProc (x32 Version: 13.0.0.0)
Doom 3 (x32 Version: 1.2)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
DVD-Cover v.1.5.1.6 (x32)
DVDFab 8.2.1.8 (09/11/2012) Qt (x32)
ESN Sonar (x32 Version: 0.70.4)
F.E.A.R. 2: Project Origin (x32)
F.E.A.R. 3 (x32)
Far Cry 3 (x32 Version: 1.05)
Fax (x32 Version: 130.0.418.000)
FormatFactory 2.60 (x32 Version: 2.60)
Free Easy Burner V 5.1 (x32 Version: 5.1.0.0)
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0)
FreeRIP v3.6 (x32 Version: 3.6)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
GPBaseService2 (x32 Version: 130.0.371.000)
Half-Life 2: Episode One (x32)
Half-Life 2: Episode Two (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.003.001.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
Intel® Watchdog Timer Driver (Intel® WDT) (x32)
Ipswitch WS_FTP LE (x32)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JMicron JMB36X Driver (x32 Version: 1.17.58.2)
K-Lite Mega Codec Pack 8.7.0 (x32 Version: 8.7.0)
KPSA-Home (x32 Version: 1.0)
KPSA-Home (x32)
LightScribe Applications (x32 Version: 1.18.15.1)
LightScribe System Software (x32 Version: 1.18.23.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
marvell 91xx driver (x32 Version: 1.0.0.1045)
Mein Schriftarten 1 (x32)
Metro 2033 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office XP Professional mit FrontPage (x32 Version: 10.0.6626.0)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MYMOVIES) (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 12.0 (x86 de) (HKCU Version: 12.0)
Mozilla Firefox 4.0.1 (x86 de) (x32 Version: 4.0.1)
Mp3tag v2.48 (x32 Version: v2.48)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSI Kombustor 2.5.0 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Movies Collection Management (x32 Version: 4.0.4.104)
MyFreeCodec (HKCU)
Nero 11 InfoTool (x32 Version: 11.0.00500)
Nero Core Components 11 (x32 Version: 11.0.15401.1.15)
Nero InfoTool 11 (x32 Version: 8.0.10400.1.100)
Nero InfoTool 11 Help (CHM) (x32 Version: 11.0.10000)
nero.prerequisites.msi (x32 Version: 11.0.20008)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NVIDIA 3D Vision Controller-Treiber 314.14 (Version: 314.14)
NVIDIA 3D Vision Treiber 314.14 (Version: 314.14)
NVIDIA GeForce Experience 1.0.1 (BETA) (Version: 1.0.1 (BETA))
NVIDIA Grafiktreiber 314.14 (Version: 314.14)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1414)
NVIDIA Systemsteuerung 314.14 (Version: 314.14)
NVIDIA Update 2.47.62 (Version: 2.47.62)
NVIDIA Update Components (Version: 2.47.62)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OF: Red River (x32 Version: 1.0.0003.129)
Origin (x32 Version: 9.1.13.85)
Paint.NET v3.5.10 (Version: 3.60.0)
PosteRazor (x32 Version: 1.5.2)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.74.80.86)
RAGE (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6235)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
RESIDENT EVIL 5 (x32 Version: 1.0.0.129)
Return to Castle Wolfenstein (x32 Version: 1.41)
Samsung New PC Studio (x32 Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
Scan (x32 Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
SiSoftware Sandra Lite 2011.SP2a (Version: 17.55.2011.6)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab (x32)
TeamViewer 7 (x32 Version: 7.0.13989)
Text to Speech Maker version 1.6.7 (x32)
The Elder Scrolls V: Skyrim (x32)
T-Mobile Internet Manager (x32 Version: 1.0.0.3)
T-Mobile Internet Manager (x32 Version: 11.301.05.00.108)
Tomb Raider (x32)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
Turbo Lister 2 (x32 Version: 2.00.0000)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unigine Heaven Benchmark v2.1 (x32 Version: 2.1)
UnloadSupport (x32 Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
USB Video/Audio Device Driver (x32 Version: 1.00.0000)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.5 (x32 Version: 2.0.5)
vReveal (x32)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
Wolfenstein(TM) 1.2 Patch (x32)
Xfire (remove only) (x32)
Yahoo! Detect (x32)
ZOTAC FireStorm (x32)

==================== Restore Points  =========================

29-06-2013 09:58:52 Removed Java(TM) 6 Update 26 (64-bit)
29-06-2013 09:59:06 Removed Java(TM) 6 Update 31
29-06-2013 15:45:12 Installed SpyHunter
29-06-2013 17:36:49 Removed SpyHunter

==================== Scheduled Tasks (whitelisted) =============

Task: {00873217-CE9C-4746-A49B-2E010F29130C} - System32\Tasks\{6F2D6E13-E3C3-46B4-8CF5-66E933B4313D} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {14E74339-14B6-4761-A3CE-F03B1E75283B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {1E1E1EDF-6044-41F3-BC55-D0AFFCDA326D} - System32\Tasks\{BB7136E6-9F16-44A1-96A1-EDF0E7095A92} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {2A5F7682-F205-4DB1-B85E-EB8CA15A4893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {2D3C05FD-7BFB-490E-AB8E-3377B3E0D9B1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {2F5655DC-C17C-4AA7-927E-5CA0EBA7330E} - System32\Tasks\{E15679CF-700E-45D3-A540-8C4D0CF14B13} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {67556C8A-5F24-4B19-AC4D-ADD662350801} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6DE43D8B-2499-4A2E-982A-D5C502621A07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {742A082F-7750-43FD-A7C0-1FD91F88118E} - System32\Tasks\4801 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {8FD8B462-757C-4A81-8094-4F281815300B} - System32\Tasks\0 => C:\program files (x86)\internet explorer\iexplore.exe [2010-11-20] (Microsoft Corporation)
Task: {A25AFC54-63EB-4927-830F-D96DAFB110FA} - System32\Tasks\User_Feed_Synchronization-{AD176CB1-50D7-4810-8352-8DD3DE7D04F9} => C:\Windows\system32\msfeedssync.exe [2010-11-20] (Microsoft Corporation)
Task: {A4034284-7435-4AE1-B9FA-6D6952601D3A} - System32\Tasks\{CA73BACB-29C5-400B-9AFA-97235E3BE12C} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {A6322F04-1609-44B2-AC0F-54E4A5E4E93C} - System32\Tasks\{2D288029-36BF-4CB1-80F6-90507508AF5D} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {ADAC1273-88ED-48EC-97E0-5F263A8376F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {C855FBB7-38CC-4E93-BC3B-5C3FB3100A54} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {CB8B9B7E-D6B6-4A0A-9443-DD248B9AD403} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {DEBC2DB5-2CC1-4ECB-8D9F-EF255B5322BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {EBA0DF7A-FA95-4155-82AD-CD9861296BC3} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2010-10-12] (ASUSTeK Computer Inc.)
Task: {EC7EFDA9-564A-4A89-9C56-9ED974D8C4D9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EE0BDF50-6BE6-4BF0-A31C-816ED6B7B096} - System32\Tasks\{0D124AD0-CC06-4A67-BA1F-044B94D47505} => C:\Programme\Grafik-Bildbearbeitungsprogramme\Picture Publisher 8 FULL\setup.exe No File
Task: {FAEF095F-999D-4687-9867-3964A2B06D61} - System32\Tasks\{11105345-AC85-4750-869F-54D9955493E5} => C:\Eigene Dateien\Desktop\EyeInstaller.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 10:28:32 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (06/29/2013 08:47:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/29/2013 08:31:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (06/29/2013 08:31:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/29/2013 08:31:52 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/29/2013 08:26:18 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (06/29/2013 07:15:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (06/29/2013 07:15:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/29/2013 07:15:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (06/29/2013 07:11:20 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".


System errors:
=============
Error: (06/29/2013 10:28:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/29/2013 10:28:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/29/2013 08:26:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/29/2013 08:26:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/29/2013 07:11:08 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/29/2013 07:11:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/29/2013 07:11:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/29/2013 07:08:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/29/2013 06:10:00 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (06/29/2013 05:51:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/16/2013 00:40:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 166 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/28/2013 09:51:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 91 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/15/2013 04:17:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/24/2013 10:52:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/31/2013 11:48:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/18/2013 09:07:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/24/2012 09:21:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/26/2012 07:25:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 332 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (11/03/2012 05:34:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1407 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (11/02/2012 09:35:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8159.13 MB
Available physical RAM: 6222.46 MB
Total Pagefile: 16316.45 MB
Available Pagefile: 14119.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:5.66 GB) NTFS (Disk=1 Partition=2)
Drive d: (Programme) (Fixed) (Total:310.5 GB) (Free:243.18 GB) NTFS (Disk=0 Partition=1)
Drive e: (Games) (Fixed) (Total:310.5 GB) (Free:134.42 GB) NTFS (Disk=0 Partition=2)
Drive f: (Daten) (Fixed) (Total:310.5 GB) (Free:25.15 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8CC14EB9)
Partition 1: (Not Active) - (Size=311 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=311 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=311 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 2B4486A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 29.06.2013 21:43
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Eyeem 29.06.2013 21:59
Code:
ComboFix 13-06-28.02 - Thomas 29.06.2013  22:52:59.1.8 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8159.5600 [GMT 2:00]
ausgeführt von:: f:\eigene dateien\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1359056796.bdinstall.bin
c:\programdata\1360445475.bdinstall.bin
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\DVDFab (2).url
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\DVDFab (3).url
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\DVDFab.url
c:\users\Thomas\AppData\Roaming\Naib
c:\users\Thomas\AppData\Roaming\Naib\meek.deu
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-28 bis 2013-06-29  ))))))))))))))))))))))))))))))
.
.
2013-06-29 20:55 . 2013-06-29 20:55        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-29 20:55 . 2013-06-29 20:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-29 20:30 . 2013-06-29 20:30        --------        d-----w-        C:\FRST
2013-06-29 20:29 . 2013-06-29 20:29        76232        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7464F8-1F54-4DFD-A611-23F7F6160484}\offreg.dll
2013-06-29 15:45 . 2013-06-29 15:45        --------        d-----w-        c:\program files\Enigma Software Group
2013-06-29 15:45 . 2013-06-29 17:37        --------        d-----w-        c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 15:44 . 2013-06-29 15:45        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-29 08:50 . 2013-06-12 03:08        9552976        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED7464F8-1F54-4DFD-A611-23F7F6160484}\mpengine.dll
2013-06-28 14:52 . 2013-06-12 03:08        9552976        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 18:37 . 2013-06-29 20:28        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Owliqo
2013-06-27 18:37 . 2013-06-29 20:28        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Hylu
2013-06-21 14:30 . 2013-06-21 14:30        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99423815-BB5B-4889-B02E-8EB3509A39E3}\gapaengine.dll
2013-06-16 18:50 . 2013-06-16 18:52        --------        d-----w-        c:\users\Thomas\AppData\Local\Paint.NET
2013-06-12 11:16 . 2013-06-12 11:19        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-06-10 13:26 . 2013-06-12 11:24        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Puaw
2013-06-10 13:26 . 2013-06-11 09:39        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Onomry
2013-06-10 13:26 . 2013-06-10 13:26        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Ylra
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\program files\iPod
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 06:56 . 2011-05-18 12:31        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 08:30 . 2012-04-04 14:36        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 08:30 . 2011-05-18 13:24        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-25 19:07 . 2009-08-18 09:24        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-21 18:24 . 2011-05-20 12:10        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2011-05-18 12:29        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-06-04 06:44        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-04 06:44        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-04 06:44        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-04 06:44        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-04 06:44        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-04 06:44        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:27        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:21        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:21        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:20        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-08-07 18:55        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="d:\t-mobile internet manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"Koyseko"="c:\users\Thomas\AppData\Roaming\Hylu\zyuxn.exe" [2011-08-16 641536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DataCardMonitor"="d:\t-mobile internet manager\DataCardMonitor.exe" [2012-09-16 253952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;h:\install\AIDA64 Extreme Edition\kerneld.x64;h:\install\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 10:07        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:55        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:30]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 20:45]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - ExtSQL: !HIDDEN! 2011-05-22 20:12; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\h:\install\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1080632113-3198329035-1010120444-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,d5,98,f5,e0,d1,e6,fc,db,30,ba,9f,93,44,e2,1d,4a,64,c6,d7,b5,
  58,20,bf,c3,ff,f6,ae,70,06,ba,eb,8f,e9,fb,31,7a,61,69,df,c9,d2,61,6f,ea,9a,\
"rkeysecu"=hex:b1,61,1c,76,f5,3f,c1,0c,e2,ad,19,5c,2f,53,bf,e1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-29  22:57:16
ComboFix-quarantined-files.txt  2013-06-29 20:57
.
Vor Suchlauf: 12 Verzeichnis(se), 10.353.655.808 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.274.525.184 Bytes frei
.
- - End Of File - - 883F7EA1C4AC26B596DEF7BE3F2A1F59
D41D8CD98F00B204E9800998ECF8427E

schrauber 30.06.2013 07:34
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    Folder::
    c:\users\Thomas\AppData\Roaming\Owliqo
    c:\users\Thomas\AppData\Roaming\Hylu
    c:\users\Thomas\AppData\Roaming\Puaw
    c:\users\Thomas\AppData\Roaming\Onomry
    c:\users\Thomas\AppData\Roaming\Ylra
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Koyseko"=-
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Eyeem 30.06.2013 10:17
Code:
ComboFix 13-06-28.02 - Thomas 30.06.2013  10:59:39.2.8 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8159.6411 [GMT 2:00]
ausgeführt von:: f:\eigene dateien\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: f:\eigene dateien\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas\AppData\Roaming\Hylu
c:\users\Thomas\AppData\Roaming\Hylu\libnspr4.dll
c:\users\Thomas\AppData\Roaming\Hylu\zyuxn.exe
c:\users\Thomas\AppData\Roaming\Onomry
c:\users\Thomas\AppData\Roaming\Onomry\ysxy.goz
c:\users\Thomas\AppData\Roaming\Onomry\ysxy.tmp
c:\users\Thomas\AppData\Roaming\Owliqo
c:\users\Thomas\AppData\Roaming\Puaw
c:\users\Thomas\AppData\Roaming\Ylra
c:\users\Thomas\AppData\Roaming\Ylra\wocee.rif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-28 bis 2013-06-30  ))))))))))))))))))))))))))))))
.
.
2013-06-30 09:02 . 2013-06-30 09:02        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-30 09:02 . 2013-06-30 09:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-29 21:08 . 2013-06-12 03:08        9552976        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B867AA87-560E-478C-B516-19D8EA7844BA}\mpengine.dll
2013-06-29 20:30 . 2013-06-29 20:30        --------        d-----w-        C:\FRST
2013-06-29 15:45 . 2013-06-29 15:45        --------        d-----w-        c:\program files\Enigma Software Group
2013-06-29 15:45 . 2013-06-29 17:37        --------        d-----w-        c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 15:44 . 2013-06-29 15:45        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-29 08:50 . 2013-06-12 03:08        9552976        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 14:30 . 2013-06-21 14:30        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99423815-BB5B-4889-B02E-8EB3509A39E3}\gapaengine.dll
2013-06-16 18:50 . 2013-06-16 18:52        --------        d-----w-        c:\users\Thomas\AppData\Local\Paint.NET
2013-06-12 11:16 . 2013-06-12 11:19        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\program files\iPod
2013-06-07 11:29 . 2013-06-07 11:29        --------        d-----w-        c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 06:56 . 2011-05-18 12:31        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-06-12 08:30 . 2012-04-04 14:36        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 08:30 . 2011-05-18 13:24        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-25 19:07 . 2009-08-18 09:24        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-21 18:24 . 2011-05-20 12:10        964552        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2011-05-18 12:29        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-06-04 06:44        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-04 06:44        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-04 06:44        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-04 06:44        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-04 06:44        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-04 06:44        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:27        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 14:21        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 14:21        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 14:20        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-08-07 18:55        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="d:\t-mobile internet manager\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DataCardMonitor"="d:\t-mobile internet manager\DataCardMonitor.exe" [2012-09-16 253952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;h:\install\AIDA64 Extreme Edition\kerneld.x64;h:\install\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 10:07        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:55        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:30]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 20:45]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - ExtSQL: !HIDDEN! 2011-05-22 20:12; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\h:\install\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1080632113-3198329035-1010120444-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,d5,98,f5,e0,d1,e6,fc,db,30,ba,9f,93,44,e2,1d,4a,64,c6,d7,b5,
  58,20,bf,c3,ff,f6,ae,70,06,ba,eb,8f,e9,fb,31,7a,61,69,df,c9,d2,61,6f,ea,9a,\
"rkeysecu"=hex:b1,61,1c,76,f5,3f,c1,0c,e2,ad,19,5c,2f,53,bf,e1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-30  11:04:04
ComboFix-quarantined-files.txt  2013-06-30 09:04
ComboFix2.txt  2013-06-29 20:57
.
Vor Suchlauf: 16 Verzeichnis(se), 10.346.250.240 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.271.395.840 Bytes frei
.
- - End Of File - - C79E078633EEDA6762AA3F2433022C3E
D41D8CD98F00B204E9800998ECF8427E
ComboFix hat zwar gemeckert das Microsoft Security Essentials noch an ist, wurde aber von mir komplett beendet, am Taskmanager waren die Prozesse "MsMpEng.exe und msseces.exe" auch NICHT mehr vorhanden. Hoffe das passt so...

Code:
# AdwCleaner v2.303 - Datei am 30/06/2013 um 11:22:39 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : F:\Eigene Dateien\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BCUService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DeviceVM
Ordner Gelöscht : C:\Program Files (x86)\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DeviceVM
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v4.0.1 (de)

Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\prefs.js

C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/410");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Thomas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8194 octets] - [29/06/2013 22:02:45]
AdwCleaner[S1].txt - [6637 octets] - [30/06/2013 11:22:39]

########## EOF - C:\AdwCleaner[S1].txt - [6697 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Thomas on 30.06.2013 at 11:26:01,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Thomas\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Thomas\appdata\local\{BF9DD970-0925-4082-83D5-AAC414261134}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2013 at 11:28:05,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 30.06.2013 14:01
Ja passt :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme?

Eyeem 30.06.2013 18:20
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9a0d95e7888f42468cf6ff6356d82109
# engine=14209
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 02:31:32
# local_time=2013-06-30 04:31:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 66878890 124232542 0 0
# scanned=106114
# found=0
# cleaned=0
# scan_time=3425
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9a0d95e7888f42468cf6ff6356d82109
# engine=14212
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 04:29:20
# local_time=2013-06-30 06:29:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 66885958 124239610 0 0
# scanned=309657
# found=0
# cleaned=0
# scan_time=6950
Code:
Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 HijackThis 2.0.2   
 DH Driver Cleaner Professional Edition
 Java(TM) 6 Update 31 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (4.0.1)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Thomas (administrator) on 30-06-2013 19:23:06
Running from F:\Eigene Dateien\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Huawei Technologies Co., Ltd.) C:\Users\Thomas\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Huawei Technologies Co., Ltd.) D:\T-Mobile Internet Manager\DataCardMonitor.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"  -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat" [734208 2013-06-30] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "D:\T-Mobile Internet Manager\UpdateDog\ouc.exe" [x]
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [DataCardMonitor] D:\T-Mobile Internet Manager\DataCardMonitor.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - D:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\Extensions\ich@maltegoetz.de
FF Extension: youtubeunblocker - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jshqhzzg.default\Extensions\youtubeunblocker@unblocker.yt.xpi
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] D:\Congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.51</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0.0.0</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>hxxp://www.hp.com/go/smartwebprinting</em:homepageURL>
   
    <em:aboutURL>chrome://hpsmartwebprinting/content/about.xul</em:aboutURL>
    <em:iconURL>chrome://hpsmartwebprinting/skin/toolbar-icon-normal-24.png</em:iconURL>
    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.51</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0.0.0</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>hxxp://www.hp.com/go/smartwebprinting</em:homepageURL>
   
    <em:aboutURL>chrome://hpsmartwebprinting/content/about.xul</em:aboutURL>
    <em:iconURL>chrome://hpsmartwebprinting/skin/toolbar-icon-normal-24.png</em:iconURL>
    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (phonostar Detector) - D:\Phonostar-Player\npphonostarDetectNP.dll No File
CHR Plugin: (Uplay PC) - D:\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (iTunes Application Detector) - D:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-28] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware)
S2 SystemStoreService; C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe [9012224 2012-10-22] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 AIDA64Driver; \??\H:\Install\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [x]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [x]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 17:20 - 2013-06-30 17:20 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\FreeCDRipper
2013-06-30 11:28 - 2013-06-30 11:28 - 00000807 ____A C:\Users\Thomas\Desktop\JRT.txt
2013-06-30 11:26 - 2013-06-30 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 11:25 - 2013-06-30 11:25 - 00000000 ____D C:\JRT
2013-06-30 11:22 - 2013-06-30 11:22 - 00006754 ____A C:\AdwCleaner[S1].txt
2013-06-30 11:04 - 2013-06-30 11:04 - 00023251 ____A C:\ComboFix.txt
2013-06-29 22:52 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-29 22:52 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-29 22:52 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-29 22:52 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-29 22:52 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-29 22:52 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-29 22:52 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-29 22:52 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-29 22:45 - 2013-06-30 11:04 - 00000000 ___AD C:\Qoobox
2013-06-29 22:45 - 2013-06-29 22:56 - 00000000 ____D C:\Windows\erdnt
2013-06-29 22:30 - 2013-06-29 22:30 - 00000000 ____D C:\FRST
2013-06-29 22:28 - 2013-06-30 15:08 - 00000448 ____A C:\Windows\setupact.log
2013-06-29 22:28 - 2013-06-30 11:22 - 00001438 ____A C:\Windows\PFRO.log
2013-06-29 22:28 - 2013-06-29 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 22:02 - 2013-06-29 22:02 - 00008194 ____A C:\AdwCleaner[R1].txt
2013-06-29 17:45 - 2013-06-29 19:37 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____A C:\autoexec.bat
2013-06-16 20:50 - 2013-06-16 20:52 - 00000000 ____D C:\Users\Thomas\AppData\Local\Paint.NET
2013-06-16 20:50 - 2013-06-16 20:50 - 00000940 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-12 13:22 - 2013-06-12 13:22 - 00000627 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-12 13:16 - 2013-06-12 13:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-12 10:22 - 2013-05-17 08:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 10:22 - 2013-05-17 08:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 10:22 - 2013-05-17 08:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 10:22 - 2013-05-17 08:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 10:22 - 2013-05-17 08:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 10:22 - 2013-05-16 20:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 10:22 - 2013-05-16 20:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 10:22 - 2013-05-16 20:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 10:22 - 2013-05-16 19:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 10:22 - 2013-05-16 18:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 10:22 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 10:22 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 10:22 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 10:22 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 10:22 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 10:22 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 10:22 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 10:22 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 10:22 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 10:22 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 10:22 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iTunes
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iPod
2013-06-04 08:44 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-04 08:44 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-04 08:44 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-04 08:44 - 2013-01-13 23:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 23:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:44 - 2013-01-13 22:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-04 08:44 - 2013-01-13 22:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-04 08:44 - 2013-01-13 22:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-04 08:44 - 2013-01-13 22:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-04 08:44 - 2013-01-13 22:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-04 08:44 - 2013-01-13 21:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-04 08:44 - 2013-01-13 21:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-04 08:44 - 2013-01-13 21:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-04 08:44 - 2013-01-13 21:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-04 08:44 - 2013-01-13 21:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-04 08:44 - 2013-01-13 21:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-04 08:44 - 2013-01-13 21:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-04 08:44 - 2013-01-13 21:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-04 08:44 - 2013-01-13 21:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-04 08:44 - 2013-01-13 21:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-04 08:44 - 2013-01-13 21:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-04 08:44 - 2013-01-13 21:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-04 08:44 - 2013-01-13 21:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-04 08:44 - 2013-01-13 21:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-04 08:44 - 2013-01-13 21:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-04 08:44 - 2013-01-13 21:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-04 08:44 - 2013-01-13 21:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-04 08:44 - 2013-01-13 21:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-04 08:44 - 2013-01-13 21:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-04 08:44 - 2013-01-13 21:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-04 08:44 - 2013-01-13 20:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-04 08:44 - 2013-01-13 20:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-04 08:44 - 2013-01-13 20:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-04 08:44 - 2013-01-13 19:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-04 08:44 - 2013-01-13 19:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-04 08:44 - 2013-01-04 08:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-04 08:44 - 2013-01-04 08:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

==================== One Month Modified Files and Folders =======

2013-06-30 19:19 - 2013-05-03 12:09 - 02030621 ____A C:\Windows\WindowsUpdate.log
2013-06-30 18:55 - 2013-03-23 22:45 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 18:30 - 2012-08-01 16:31 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 17:20 - 2013-06-30 17:20 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\FreeCDRipper
2013-06-30 15:46 - 2009-07-14 19:58 - 50299650 ____A C:\Windows\System32\perfh007.dat
2013-06-30 15:46 - 2009-07-14 19:58 - 15904644 ____A C:\Windows\System32\perfc007.dat
2013-06-30 15:46 - 2009-07-14 07:13 - 00006698 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 15:16 - 2009-07-14 06:45 - 00016000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:16 - 2009-07-14 06:45 - 00016000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 15:15 - 2011-05-22 11:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2013-06-30 15:09 - 2013-03-23 22:45 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 15:08 - 2013-06-29 22:28 - 00000448 ____A C:\Windows\setupact.log
2013-06-30 15:08 - 2011-05-18 16:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-30 15:08 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 11:33 - 2011-05-18 15:28 - 00006700 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-30 11:28 - 2013-06-30 11:28 - 00000807 ____A C:\Users\Thomas\Desktop\JRT.txt
2013-06-30 11:26 - 2013-06-30 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 11:25 - 2013-06-30 11:25 - 00000000 ____D C:\JRT
2013-06-30 11:22 - 2013-06-30 11:22 - 00006754 ____A C:\AdwCleaner[S1].txt
2013-06-30 11:22 - 2013-06-29 22:28 - 00001438 ____A C:\Windows\PFRO.log
2013-06-30 11:04 - 2013-06-30 11:04 - 00023251 ____A C:\ComboFix.txt
2013-06-30 11:04 - 2013-06-29 22:45 - 00000000 ___AD C:\Qoobox
2013-06-30 11:02 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-29 22:56 - 2013-06-29 22:45 - 00000000 ____D C:\Windows\erdnt
2013-06-29 22:30 - 2013-06-29 22:30 - 00000000 ____D C:\FRST
2013-06-29 22:28 - 2013-06-29 22:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 22:16 - 2011-05-21 18:12 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Xfire
2013-06-29 22:02 - 2013-06-29 22:02 - 00008194 ____A C:\AdwCleaner[R1].txt
2013-06-29 19:37 - 2013-06-29 17:45 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____A C:\autoexec.bat
2013-06-27 20:24 - 2011-05-21 18:12 - 00000000 ____D C:\ProgramData\Xfire
2013-06-22 14:14 - 2011-06-19 21:49 - 00000000 ____D C:\Users\Thomas\Documents\Turbo Lister Backup
2013-06-21 16:19 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 20:52 - 2013-06-16 20:50 - 00000000 ____D C:\Users\Thomas\AppData\Local\Paint.NET
2013-06-16 20:50 - 2013-06-16 20:50 - 00000940 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2013-06-13 18:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:14 - 2011-05-18 13:55 - 00000000 ____D C:\users\Thomas
2013-06-13 09:13 - 2011-06-17 21:11 - 00000000 ____D C:\Users\Thomas\Documents\FFOutput
2013-06-13 09:05 - 2012-08-01 20:01 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-06-13 08:58 - 2011-05-20 14:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:56 - 2011-05-18 14:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 20:16 - 2011-06-22 16:23 - 00000000 ____D C:\Windows\Minidump
2013-06-12 13:22 - 2013-06-12 13:22 - 00000627 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-12 13:19 - 2013-06-12 13:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-12 10:30 - 2012-04-04 16:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:30 - 2011-05-18 15:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 21:08 - 2011-09-05 20:18 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Origin
2013-06-08 21:08 - 2011-09-05 20:18 - 00000000 ____D C:\ProgramData\Origin
2013-06-08 21:07 - 2011-09-05 20:18 - 00000000 ____D C:\Users\Thomas\AppData\Local\Origin
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iTunes
2013-06-07 13:29 - 2013-06-07 13:29 - 00000000 ____D C:\Program Files\iPod
2013-06-05 10:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-05 10:51 - 2009-07-14 06:45 - 00422488 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-04 08:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 17:12

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 30.06.2013 19:30
Java und Adobe bitte updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Eyeem 03.07.2013 19:51
Hallo,

ich habe jetzt mit Malwarebytes und MSE das gesamte System inkl. aller Festplatten gescannt! Alles wieder clean!

Vielen vielen Dank !

Spende ist erfolgt...

schrauber 03.07.2013 20:41
Gern geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131