Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   advanced system protector entfernen (https://www.trojaner-board.de/138655-advanced-system-protector-entfernen.html)

veetex 23.07.2013 16:10
advanced system protector entfernen
 
Hallo, in letzter zeit ist mir ein programm in der task leiste aufgefallen (advanced system protector). Ich habe dann danach gegooglet, da ich dieses programm nirgendwo deinstallieren kann, und habe gelesen, dass es ein trojaner sein soll. stimmt das ? falls ja, bitte ich um hilfe, wie ich ihn los werden kann.

lg veetex

schrauber 23.07.2013 16:44
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


veetex 23.07.2013 17:15
frst:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by niilowski (administrator) on 23-07-2013 18:12:17
Running from C:\Users\niilowski\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Ttesports\ShockONE\ShockTray.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Media Finder] - "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray [x]
HKCU\...\RunOnce: [Uninstall C:\Users\niilowski\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\niilowski\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [344576 2009-07-14] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" [344576 2009-07-14] (Microsoft Corporation)
MountPoints2: F - F:\Installer.exe
HKLM-x32\...\Run: [Ttesports] - C:\Program Files (x86)\Ttesports\ShockONE\ShockTray.exe [2506240 2010-05-20] ()
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-03-21] (PC Tools)
HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [x]
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll  [97280 2009-07-14] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=a4b56a12-fcce-11e0-8c16-e811324e9f1b&q={searchTerms}
SearchScopes: HKLM-x32 - {732FE02E-D1FE-3A86-48D1-6625AF0C9ACD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
SearchScopes: HKLM-x32 - {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=CABCEA55F9995867
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=CABCEA55F9995867
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -  No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll No File
BHO-x32: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll No File
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll No File
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll No File
BHO-x32: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll No File
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\niilowski\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BandooIEPlugin Class - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
BHO-x32: blekko search bar - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files (x86)\blekkotb_001\blekkotb_019X.dll No File
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll No File
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll No File
Toolbar: HKLM-x32 - toolplugin - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\niilowski\AppData\Roaming\toolplugin\toolbar.dll No File
Toolbar: HKLM-x32 - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll No File
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll No File
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll No File
Toolbar: HKLM-x32 - blekko search bar - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files (x86)\blekkotb_001\blekkotb_019X.dll No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\niilowski\AppData\Roaming\Mozilla\Firefox\Profiles\t2nzut4m.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\niilowski\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\niilowski\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\npAppUp.dll No File
FF SearchPlugin: C:\Users\niilowski\AppData\Roaming\Mozilla\Firefox\Profiles\t2nzut4m.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bingober10364378.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
FF Extension: No Name - C:\Users\niilowski\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\niilowski\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Users\niilowski\AppData\Roaming\Mozilla\Firefox\Profiles\t2nzut4m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\NIILOW~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\NIILOW~1\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\NIILOW~1\AppData\Local\funmoods-speeddial.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\niilowski\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\NIILOW~1\AppData\Local\funmoods.crx
CHR HKLM-x32\...\Chrome\Extension: [bmbgdmijgopggjaelphhajpjldacbnba] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibar.crx
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\NIILOW~1\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [cpjacnemeogppppmlcoafbiacilcpngh] - C:\Program Files (x86)\shopping-preise.de\shopping-preise-hrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\niilowski\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\niilowski\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\niilowski\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\niilowski\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\niilowski\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\NIILOW~1\AppData\Local\Temp\YontooLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\NIILOW~1\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\niilowski\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
S2 FreemiumSelfUpdateService; C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [5686272 2012-09-22] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
S4 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [289504 2012-05-09] ()
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-21] (PC Tools)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-07-09] ()
S4 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
S4 SelfUpdateService; C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe [5663232 2012-11-13] ()
S4 StumbleUponUpdater; C:\Users\niilowski\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] ()
S2 SystemStoreService; C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe [1948160 2012-12-21] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-11] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-04-11] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 18:12 - 2013-07-23 18:12 - 00000000 ____D C:\FRST
2013-07-23 18:10 - 2013-07-23 18:10 - 01779757 _____ (Farbar) C:\Users\niilowski\Desktop\FRST64.exe
2013-07-23 16:26 - 2013-07-23 16:26 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Malwarebytes
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 16:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-23 13:31 - 2013-07-23 15:22 - 00000000 ____D C:\$tmp
2013-07-23 13:29 - 2013-07-23 13:29 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\ASCOMP Software
2013-07-23 13:29 - 2013-07-23 13:29 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software
2013-07-20 21:48 - 2013-07-20 21:48 - 06710480 _____ C:\Users\niilowski\Downloads\ts3_recording_13_07_20_21_46_16.wav
2013-07-19 20:57 - 2013-07-19 20:57 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\MW2 FoV Changer
2013-07-18 11:51 - 2013-07-18 11:51 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\Unity
2013-07-18 11:48 - 2013-07-18 11:48 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-18 11:48 - 2013-07-18 11:48 - 00000000 ____D C:\Program Files\Java
2013-07-12 22:36 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Public\Documents\EA Games
2013-07-12 22:28 - 2013-07-12 22:28 - 00000000 ____D C:\Users\niilowski\Documents\EA Games
2013-07-12 02:13 - 2013-07-12 02:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-09 09:50 - 2013-07-09 11:38 - 00103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-09 09:50 - 2013-07-09 10:30 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-09 09:28 - 2013-07-19 00:26 - 00396149 _____ C:\Windows\DirectX.log
2013-07-09 09:28 - 2013-07-09 10:05 - 00000285 _____ C:\Windows\game.ini
2013-07-08 22:34 - 2013-07-08 22:42 - 00000000 ____D C:\Users\niilowski\Downloads\Call of Duty 4.rar
2013-07-08 22:33 - 2013-07-08 22:33 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\uTorrent
2013-06-30 17:28 - 2013-06-30 17:28 - 00000000 ____D C:\Users\niilowski\Documents\Skype Voice Records
2013-06-30 17:28 - 2013-06-30 17:28 - 00000000 ____D C:\Users\niilowski\Documents\Clownfish Avatars
2013-06-30 10:36 - 2013-07-12 10:44 - 00003818 _____ C:\Windows\PFRO.log
2013-06-28 14:26 - 2013-07-23 16:11 - 00006412 _____ C:\Windows\setupact.log
2013-06-28 14:26 - 2013-06-28 14:26 - 00000000 _____ C:\Windows\setuperr.log
2013-06-28 12:41 - 2013-06-28 12:41 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-06-28 12:41 - 2013-06-28 12:41 - 00000000 ____D C:\Program Files\CCleaner
2013-06-28 10:58 - 2013-06-28 11:07 - 00005924 _____ C:\Users\niilowski\AppData\Roaming\AutoTagLog.log
2013-06-28 10:53 - 2013-06-28 11:09 - 00123898 _____ C:\Users\niilowski\AppData\Roaming\ReplayMusicLog.log
2013-06-28 10:53 - 2013-06-28 10:53 - 00000302 _____ C:\Users\niilowski\AppData\Roaming\RegistrationLog.log
2013-06-28 10:25 - 2013-06-28 10:25 - 00000000 ____D C:\Program Files (x86)\Audials
2013-06-27 17:42 - 2013-06-27 17:42 - 01893200 _____ C:\Users\niilowski\ts3_recording_13_06_27_17_42_19.wav
2013-06-27 13:03 - 2013-06-27 13:14 - 00000000 ____D C:\ProgramData\Razer
2013-06-27 13:03 - 2013-06-27 13:14 - 00000000 ____D C:\Program Files (x86)\Razer
2013-06-27 11:37 - 2013-06-27 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 12:07 - 2013-06-26 12:07 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\.StarMade
2013-06-25 21:56 - 2013-06-21 07:12 - 00000000 ____D C:\Users\niilowski\Desktop\Genetikk-D.N.A.-DE-2013-OMA

==================== One Month Modified Files and Folders =======

2013-07-23 18:12 - 2013-07-23 18:12 - 00000000 ____D C:\FRST
2013-07-23 18:10 - 2013-07-23 18:10 - 01779757 _____ (Farbar) C:\Users\niilowski\Desktop\FRST64.exe
2013-07-23 17:37 - 2013-01-26 18:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 17:28 - 2012-05-10 16:24 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\LogMeIn Hamachi
2013-07-23 17:18 - 2010-11-24 04:09 - 02062177 _____ C:\Windows\WindowsUpdate.log
2013-07-23 17:17 - 2012-11-09 16:23 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Systweak
2013-07-23 17:09 - 2012-04-12 20:57 - 00001154 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001UA.job
2013-07-23 16:35 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 16:35 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 16:26 - 2013-07-23 16:26 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Malwarebytes
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 16:26 - 2013-07-23 16:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-23 16:13 - 2012-03-29 11:05 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-23 16:11 - 2013-06-28 14:26 - 00006412 _____ C:\Windows\setupact.log
2013-07-23 16:11 - 2012-08-26 22:20 - 00000344 _____ C:\Windows\Tasks\SpeedUpMyPC.job
2013-07-23 16:11 - 2012-08-18 19:00 - 00000292 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-07-23 16:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 15:22 - 2013-07-23 13:31 - 00000000 ____D C:\$tmp
2013-07-23 14:31 - 2013-05-27 15:00 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-07-23 14:09 - 2012-04-12 20:57 - 00001132 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001Core.job
2013-07-23 13:29 - 2013-07-23 13:29 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\ASCOMP Software
2013-07-23 13:29 - 2013-07-23 13:29 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software
2013-07-23 12:36 - 2012-10-27 00:25 - 00000000 ____D C:\Users\niilowski\Documents\FIFA 13
2013-07-23 11:52 - 2011-07-07 22:19 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-23 11:42 - 2012-03-21 18:10 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Spotify
2013-07-22 19:00 - 2012-08-17 23:57 - 00000294 _____ C:\Windows\Tasks\RMSchedule.job
2013-07-21 22:49 - 2013-05-12 13:03 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\TS3Client
2013-07-21 20:58 - 2013-02-24 20:32 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\.minecraft
2013-07-21 12:57 - 2012-08-03 19:25 - 00000368 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2013-07-20 21:48 - 2013-07-20 21:48 - 06710480 _____ C:\Users\niilowski\Downloads\ts3_recording_13_07_20_21_46_16.wav
2013-07-20 19:55 - 2013-02-02 21:54 - 00000000 ____D C:\Users\niilowski\Desktop\Games
2013-07-19 20:57 - 2013-07-19 20:57 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\MW2 FoV Changer
2013-07-19 03:36 - 2012-07-20 15:08 - 00000456 ____H C:\Windows\Tasks\Norton Security Scan for niilowski.job
2013-07-19 01:25 - 2011-07-07 22:20 - 00000000 ____D C:\ProgramData\Origin
2013-07-19 00:26 - 2013-07-09 09:28 - 00396149 _____ C:\Windows\DirectX.log
2013-07-18 21:56 - 2011-06-02 22:47 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Skype
2013-07-18 19:15 - 2012-03-21 18:10 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\Spotify
2013-07-18 11:51 - 2013-07-18 11:51 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\Unity
2013-07-18 11:48 - 2013-07-18 11:48 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-18 11:48 - 2013-07-18 11:48 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-18 11:48 - 2013-07-18 11:48 - 00000000 ____D C:\Program Files\Java
2013-07-18 11:48 - 2013-02-24 20:43 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-18 11:48 - 2013-02-24 20:43 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-17 16:51 - 2011-05-31 15:57 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\Adobe
2013-07-17 16:50 - 2013-01-26 18:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-17 16:49 - 2013-01-26 18:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-17 16:49 - 2011-05-31 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 15:38 - 2012-08-04 11:01 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-13 20:35 - 2011-06-01 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-12 22:36 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Public\Documents\EA Games
2013-07-12 22:28 - 2013-07-12 22:28 - 00000000 ____D C:\Users\niilowski\Documents\EA Games
2013-07-12 20:38 - 2012-08-03 17:59 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\Origin
2013-07-12 20:03 - 2011-07-07 22:21 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\Origin
2013-07-12 18:17 - 2013-06-10 20:52 - 00000000 ____D C:\Users\niilowski\Desktop\bescht
2013-07-12 10:44 - 2013-06-30 10:36 - 00003818 _____ C:\Windows\PFRO.log
2013-07-12 02:23 - 2013-06-10 20:10 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-07-12 02:18 - 2013-07-12 02:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-12 02:18 - 2011-07-01 19:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-11 00:18 - 2013-04-01 00:08 - 00000000 ____D C:\Program Files (x86)\osu!
2013-07-09 20:08 - 2012-12-23 16:53 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-07-09 13:59 - 2013-05-20 15:56 - 00000000 ____D C:\Users\niilowski\Desktop\FovChangers
2013-07-09 11:38 - 2013-07-09 09:50 - 00103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-09 10:30 - 2013-07-09 09:50 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-09 10:29 - 2012-08-04 14:32 - 00000000 ____D C:\Users\NIILOW~1\AppData\Local\PunkBuster
2013-07-09 10:11 - 2012-12-23 16:51 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\BitTorrent
2013-07-09 10:05 - 2013-07-09 09:28 - 00000285 _____ C:\Windows\game.ini
2013-07-09 10:05 - 2010-11-24 04:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-08 22:42 - 2013-07-08 22:34 - 00000000 ____D C:\Users\niilowski\Downloads\Call of Duty 4.rar
2013-07-08 22:33 - 2013-07-08 22:33 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\uTorrent
2013-07-08 22:32 - 2011-05-31 15:54 - 00000000 ____D C:\Users\niilowski
2013-07-08 09:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-03 15:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-30 17:28 - 2013-06-30 17:28 - 00000000 ____D C:\Users\niilowski\Documents\Skype Voice Records
2013-06-30 17:28 - 2013-06-30 17:28 - 00000000 ____D C:\Users\niilowski\Documents\Clownfish Avatars
2013-06-30 17:28 - 2013-01-04 02:13 - 00000000 ____D C:\Users\niilowski\Desktop\Audioprogramme
2013-06-30 17:24 - 2011-05-31 16:07 - 00000000 ____D C:\Users\niilowski\Documents\Youcam
2013-06-30 13:26 - 2013-02-03 13:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-30 13:26 - 2010-11-24 04:17 - 00000000 ____D C:\ProgramData\Skype
2013-06-28 14:26 - 2013-06-28 14:26 - 00000000 _____ C:\Windows\setuperr.log
2013-06-28 13:00 - 2012-05-02 19:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-06-28 13:00 - 2011-06-13 15:09 - 00000000 ____D C:\Users\niilowski\Tracing
2013-06-28 12:58 - 2012-05-31 17:49 - 00000000 ____D C:\Windows\Minidump
2013-06-28 12:58 - 2009-08-02 04:27 - 00000000 ____D C:\Windows\Panther
2013-06-28 12:54 - 2013-06-10 20:12 - 00000000 ____D C:\Program Files\Virtual Audio Cable
2013-06-28 12:41 - 2013-06-28 12:41 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-06-28 12:41 - 2013-06-28 12:41 - 00000000 ____D C:\Program Files\CCleaner
2013-06-28 11:09 - 2013-06-28 10:53 - 00123898 _____ C:\Users\niilowski\AppData\Roaming\ReplayMusicLog.log
2013-06-28 11:07 - 2013-06-28 10:58 - 00005924 _____ C:\Users\niilowski\AppData\Roaming\AutoTagLog.log
2013-06-28 10:53 - 2013-06-28 10:53 - 00000302 _____ C:\Users\niilowski\AppData\Roaming\RegistrationLog.log
2013-06-28 10:25 - 2013-06-28 10:25 - 00000000 ____D C:\Program Files (x86)\Audials
2013-06-28 10:25 - 2012-11-02 23:10 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-06-28 09:25 - 2011-05-31 16:07 - 00122800 _____ C:\Users\NIILOW~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-28 09:24 - 2013-03-14 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-28 09:24 - 2009-07-14 06:45 - 05049056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-06-27 17:42 - 2013-06-27 17:42 - 01893200 _____ C:\Users\niilowski\ts3_recording_13_06_27_17_42_19.wav
2013-06-27 13:14 - 2013-06-27 13:03 - 00000000 ____D C:\ProgramData\Razer
2013-06-27 13:14 - 2013-06-27 13:03 - 00000000 ____D C:\Program Files (x86)\Razer
2013-06-27 11:37 - 2013-06-27 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 12:07 - 2013-06-26 12:07 - 00000000 ____D C:\Users\niilowski\AppData\Roaming\.StarMade
2013-06-24 11:01 - 2013-05-08 21:34 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 14:43

==================== End Of Log ============================
--- --- ---

addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by niilowski at 2013-07-23 18:12:54
Running from C:\Users\niilowski\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
„Windows Live Essentials“ (x32 Version: 16.4.3505.0912)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
adcom 802.11 Network Adapter (Version: 5.60.48.44)
Adobe AIR (x32 Version: 3.3.0.3670)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Alice Greenfingers (x32)
Angry Birds (x32 Version: 2.0.2)
Atheros Client Installation Program (x32 Version: 1.0.5.0621)
ATI Catalyst Install Manager (Version: 3.0.782.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
AVS Video Editor 6 (x32)
Bandoo (x32)
BatteryLifeExtender (x32 Version: 1.0.5)
Battlefield 1942™ (x32 Version: 1.6.20.0)
Battlefield Play4Free (x32)
BitTorrent (x32 Version: 7.7.2.28499)
Bonbon Quest (x32)
Cake Mania (x32)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7)
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: Modern Warfare 2 - Multiplayer (x32)
Call of Duty: Modern Warfare 2 (x32)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
Call of Duty: Modern Warfare 3 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0706.2128.36662)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0706.2128.36662)
Catalyst Control Center InstallProxy (x32 Version: 2010.0706.2128.36662)
Catalyst Control Center Localization All (x32 Version: 2010.0706.2128.36662)
CCC Help Chinese Standard (x32 Version: 2010.0706.2127.36662)
CCC Help Chinese Traditional (x32 Version: 2010.0706.2127.36662)
CCC Help Czech (x32 Version: 2010.0706.2127.36662)
CCC Help Danish (x32 Version: 2010.0706.2127.36662)
CCC Help Dutch (x32 Version: 2010.0706.2127.36662)
CCC Help English (x32 Version: 2010.0706.2127.36662)
CCC Help Finnish (x32 Version: 2010.0706.2127.36662)
CCC Help French (x32 Version: 2010.0706.2127.36662)
CCC Help German (x32 Version: 2010.0706.2127.36662)
CCC Help Greek (x32 Version: 2010.0706.2127.36662)
CCC Help Hungarian (x32 Version: 2010.0706.2127.36662)
CCC Help Italian (x32 Version: 2010.0706.2127.36662)
CCC Help Japanese (x32 Version: 2010.0706.2127.36662)
CCC Help Korean (x32 Version: 2010.0706.2127.36662)
CCC Help Norwegian (x32 Version: 2010.0706.2127.36662)
CCC Help Polish (x32 Version: 2010.0706.2127.36662)
CCC Help Portuguese (x32 Version: 2010.0706.2127.36662)
CCC Help Russian (x32 Version: 2010.0706.2127.36662)
CCC Help Spanish (x32 Version: 2010.0706.2127.36662)
CCC Help Swedish (x32 Version: 2010.0706.2127.36662)
CCC Help Thai (x32 Version: 2010.0706.2127.36662)
CCC Help Turkish (x32 Version: 2010.0706.2127.36662)
ccc-core-static (x32 Version: 2010.0706.2128.36662)
ccc-utility64 (Version: 2010.0706.2128.36662)
CCleaner (Version: 4.03)
CEP - Color Enable Package (x32 Version: 6.0b (beta))
Cinema 4D version R12 (x32 Version: R12)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6514.5001)
concept/design onlineTV 8 (x32 Version: 8.2.0.1)
Counter-Strike: Global Offensive (x32)
Counter-Strike: Source (x32)
CyberLink YouCam (x32 Version: 2.0.3911)
D3DX10 (x32 Version: 15.4.2368.0902)
Daycare Nightmare (x32)
Desert Storm (x32)
Die Sims 2 (x32)
Die Sims™ 2 Vier Jahreszeiten (x32)
Easy Content Share (x32 Version: 1.0.0.13)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.3.3)
Easy SpeedUp Manager (x32 Version: 2.1.0.11)
EasyBatteryManager (x32 Version: 4.0.0.4)
EasyFileShare (x32 Version: 1.0.3)
ETDWare PS/2-x64 7.0.7.0_WHQL (Version: 7.0.7.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FIFA 13 (x32 Version: 1.1.0.0)
Flip Words (x32)
Fraps (remove only) (x32)
Galapago (x32)
Game Pack (x32 Version: 6.3.1.1)
GameSpy Comrade (x32 Version: 1.4.3.154)
Gem Shop (x32)
GIMP 2.8.4 (Version: 2.8.4)
iLivid (x32 Version: 1.80.0.107046)
iMesh (x32 Version: 11.0.0.116221)
Iminent (x32 Version: 5.18.52.0)
Insaniquarium Deluxe (x32)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java 7 Update 15 (x32 Version: 7.0.150)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.1.1 (x32 Version: 2.1.1)
League of Legends (x32 Version: 1.3)
LogMeIn Hamachi (x32 Version: 2.1.0.294)
Mahjong Escape Ancient China (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft Age of Empires II (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 Premium (x32 Version: 9.00.2816)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft SkyDrive (HKCU Version: 17.0.2006.0314)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Moorhuhn Kart 2 XS (x32)
Moorhuhn Kart 3 Demo (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network Stumbler 0.4.0 (remove only) (x32)
ODF Add-In für Microsoft Office (x32 Version: 4.0.5309.0)
Optimizer Pro v3.0 (x32 Version: 3.0)
Origin (x32 Version: 8.6.0.357)
osu! (x32 Version: 0.0.0.0)
PC Beschleunigen - Vollständige Deinstallation (Version: 3.0.6)
PCSpeedUp (HKCU)
PDF Settings CS6 (x32 Version: 11.0)
PDFCreator (x32 Version: 1.3.2)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)
PowerISO (x32 Version: 5.4)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6083)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
Sauerbraten (x32)
Screen Recording Suite V2.5.0 (x32 Version: 2.5.0)
Secure Eraser (x32 Version: 4.2.0.1)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Slingo (x32)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steam (x32 Version: 1.0.0.0)
Steam Trading Card Beta Access (x32)
Streaming Video Recorder V4.3.1 (Version: 4.3.1)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (x32 Version: 8.0.19617)
Technitium MAC Address Changer v6.0.3 (x32 Version: 6.0.3)
TimeLeft (x32 Version: 3.56)
Tt eSPORTS ShockONE gaming headset Driver V1.0 (x32)
TubeBox (x32 Version: 1.0.0.0)
TubeBox (x32 Version: 4.0.0.0)
Uniblue SpeedUpMyPC (x32 Version: 5.3.0.14)
Unity Web Player (HKCU Version: )
Universal Viewer Pro Version 6.5.0.1 (x32 Version: 6.5.0.1)
User Guide (x32 Version: 1.0)
VirtualDJ Home FREE (x32 Version: 7.0.5)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 필수 패키지 (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
Windows Live 软件包 (x32 Version: 16.4.3505.0912)
Windows Liven peruspaketti (x32 Version: 16.4.3505.0912)
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0)
Word in Works Suite-Add-In (x32 Version: 1.0.0.0000)
Yontoo 1.10.02 (Version: 1.10.02)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {012082EE-48AE-4572-AEA6-4E002910D406} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {053FDB6A-37B8-48D3-B405-FB2CB8119345} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {0FFCC565-DBE3-4ECA-9150-1A37BA2B2D69} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001UA => C:\Users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {14EA2066-7791-4F07-BBED-7BF69BC9893D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {1751B37D-C0EC-43F4-B464-43BE7E4E6D1B} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {2A07BA27-3E99-41B9-ACB4-F29CD4D39C4B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2806026202-95748070-3344758458-1001
Task: {344196F0-AC7A-4BC5-A8BC-69329EA37A1A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {388C5940-4D58-4963-A6FF-F0FCB8BF2879} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe No File
Task: {3A933D4B-FC97-4B66-91C4-8A08A47CA1E6} - System32\Tasks\{0004E6F7-986B-4D72-94DB-7E188F25965E} => C:\Users\niilowski\Desktop\Modern Warfare® 3 - Ultimate-Hack-Package\Modern Warfare® 3 - Ultimate-Hack-Package\UNLOCKERS\Modern Warfare® 3 - Multi Trainer.exe No File
Task: {529F6870-4182-40F9-A65C-DD8993AC2FFA} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2009-07-14] (Microsoft Corporation)
Task: {552D2A01-432D-4526-99D5-B4D057807711} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-05-09] (Microsoft Corporation)
Task: {56435270-CB7B-418B-A906-8E8A9C129689} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17] (Adobe Systems Incorporated)
Task: {711D60BC-AF4A-4A7D-A196-CDEC8E9B77BA} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {797891C4-7BF1-45CE-998F-B30157AD59CC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe No File
Task: {849217B7-F6A7-41BE-9B0C-9A9638CADD33} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {968A2F62-5535-4A17-AF29-71C4C794BDD6} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File
Task: {A1E43A80-0A65-4492-9CD0-B70B7A92C24F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A3F2E65B-35E3-41B7-8B9D-6F5D6077D467} - System32\Tasks\{0A91B7A4-785A-458E-AF1E-5217644DC921} => C:\Users\niilowski\Desktop\Modern Warfare® 3 - Ultimate-Hack-Package\Modern Warfare® 3 - Ultimate-Hack-Package\UNLOCKERS\Modern Warfare® 3 - Multi Trainer.exe No File
Task: {A451CA96-B0CC-4C3A-9D1E-939383FD47C7} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File
Task: {A98F769D-698D-4682-BA4E-29CAC7E86BAB} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe No File
Task: {B1F5EA2C-0C00-4973-BB1E-3F0FC775B74F} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File
Task: {BAEBF9E5-2B57-454E-A8B6-9551C592D5BD} - System32\Tasks\Norton Security Scan for niilowski => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe No File
Task: {CBB3D82C-30EF-4F40-88E4-257474E1E1CD} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe [2012-05-09] ()
Task: {D2C40146-459E-4737-8C67-8F333BBA74AF} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {D2FC62A6-AD6E-457A-9A8B-D5BB18D78168} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001Core => C:\Users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E2B109C5-C70A-4751-902F-43CE1B274FC9} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation)
Task: {F0846B56-761B-459A-876E-29D32765A5AB} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-07-08] (Uniblue Systems Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001Core.job => C:\Users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001UA.job => C:\Users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for niilowski.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Beschleunigen\PCSUSD.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2013 05:46:33 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:46:33 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:46:33 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:46:33 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (07/23/2013 05:18:29 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (472)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden. Fehler -546.


System errors:
=============
Error: (07/23/2013 05:22:25 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (07/23/2013 04:53:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (07/23/2013 04:40:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (07/23/2013 04:13:48 PM) (Source: ipnathlp) (User: )
Description: 192.168.178.52192.168.137.0255.255.255.0

Error: (07/23/2013 04:13:48 PM) (Source: ipnathlp) (User: )
Description:

Error: (07/23/2013 04:13:41 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/23/2013 04:13:39 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Freemium Self Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/23/2013 04:11:25 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎23.‎07.‎2013 um 15:59:04 unerwartet heruntergefahren.

Error: (07/23/2013 02:34:37 PM) (Source: ipnathlp) (User: )
Description: 192.168.178.52192.168.137.0255.255.255.0

Error: (07/23/2013 02:34:37 PM) (Source: ipnathlp) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (07/23/2013 05:46:33 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:46:33 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:46:33 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:46:33 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (07/23/2013 05:18:29 PM) (Source: ESENT)(User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3946.17 MB
Available physical RAM: 1980.95 MB
Total Pagefile: 7890.49 MB
Available Pagefile: 5814.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Cu T) (Fixed) (Total:112 GB) (Free:37.82 GB) NTFS (Disk=0 Partition=3)
Drive d: (DyY X) (Fixed) (Total:165.99 GB) (Free:52.25 GB) NTFS (Disk=0 Partition=4)
Drive e: (Sims2_EP5_1) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF
Drive h: (bÄmm) (Fixed) (Total:931.51 GB) (Free:502.51 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 02FC8BF3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 77F434CE)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 23.07.2013 19:03
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

veetex 23.07.2013 20:12
Code:
ComboFix 13-07-23.01 - niilowski 23.07.2013  20:57:46.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3946.1845 [GMT 2:00]
ausgeführt von:: c:\users\niilowski\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\niilowski\AppData\Roaming\Microsoft\~DFK15aeed7.tmp
c:\users\niilowski\AppData\Roaming\Microsoft\~DFK15b4f7d.tmp
c:\users\niilowski\AppData\Roaming\Microsoft\~DFK15d878d.tmp
c:\users\niilowski\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\niilowski\AppData\Roaming\Microsoft\bass.dll
c:\users\niilowski\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\niilowski\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\niilowski\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\niilowski\AppData\Roaming\Microsoft\peaadje.dll
c:\users\niilowski\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\niilowski\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\tmp2223.tmp
c:\windows\SysWow64\tmp2291.tmp
c:\windows\SysWow64\tmp32C.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-23 bis 2013-07-23  ))))))))))))))))))))))))))))))
.
.
2013-07-23 19:07 . 2013-07-23 19:07        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2013-07-23 19:07 . 2013-07-23 19:07        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2013-07-23 19:07 . 2013-07-23 19:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-23 16:12 . 2013-07-23 16:12        --------        d-----w-        C:\FRST
2013-07-23 15:29 . 2013-07-23 15:29        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DFC10F7-A013-4D76-942E-F966E44FC284}\offreg.dll
2013-07-23 15:19 . 2013-07-02 08:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DFC10F7-A013-4D76-942E-F966E44FC284}\mpengine.dll
2013-07-23 14:26 . 2013-07-23 14:26        --------        d-----w-        c:\users\niilowski\AppData\Roaming\Malwarebytes
2013-07-23 14:26 . 2013-07-23 14:26        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-23 14:26 . 2013-07-23 14:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 14:26 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-23 11:31 . 2013-07-23 13:22        --------        d-----w-        C:\$tmp
2013-07-23 11:29 . 2013-07-23 11:29        --------        d-----w-        c:\users\niilowski\AppData\Roaming\ASCOMP Software
2013-07-23 11:29 . 2013-07-23 11:29        --------        d-----w-        c:\program files (x86)\ASCOMP Software
2013-07-19 18:57 . 2013-07-19 18:57        --------        d-----w-        c:\users\niilowski\AppData\Roaming\MW2 FoV Changer
2013-07-18 09:51 . 2013-07-18 09:51        --------        d-----w-        c:\users\niilowski\AppData\Local\Unity
2013-07-18 09:48 . 2013-07-18 09:48        312232        ----a-w-        c:\windows\system32\javaws.exe
2013-07-18 09:48 . 2013-07-18 09:48        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-18 09:48 . 2013-07-18 09:48        189352        ----a-w-        c:\windows\system32\javaw.exe
2013-07-18 09:48 . 2013-07-18 09:48        188840        ----a-w-        c:\windows\system32\java.exe
2013-07-18 09:48 . 2013-07-18 09:48        --------        d-----w-        c:\program files\Java
2013-07-12 00:13 . 2013-07-12 00:18        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-09 07:50 . 2013-07-09 09:38        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-07-09 07:50 . 2013-07-09 08:30        66872        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-07-08 20:33 . 2013-07-08 20:33        --------        d-----w-        c:\users\niilowski\AppData\Roaming\uTorrent
2013-06-28 10:41 . 2013-06-28 10:41        --------        d-----w-        c:\program files\CCleaner
2013-06-28 08:25 . 2013-06-28 08:25        --------        d-----w-        c:\program files (x86)\Audials
2013-06-27 11:03 . 2013-06-27 11:14        --------        d-----w-        c:\program files (x86)\Razer
2013-06-27 11:03 . 2013-06-27 11:14        --------        d-----w-        c:\programdata\Razer
2013-06-26 10:07 . 2013-06-26 10:07        --------        d-----w-        c:\users\niilowski\AppData\Roaming\.StarMade
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 09:48 . 2013-02-24 18:43        972712        ----a-w-        c:\windows\system32\deployJava1.dll
2013-07-18 09:48 . 2013-02-24 18:43        1093032        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-07-17 14:49 . 2013-01-26 16:39        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 14:49 . 2011-05-31 20:42        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 09:01 . 2013-05-08 19:34        83672        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-06-10 18:12 . 2013-06-10 18:12        66728        ----a-w-        c:\windows\system32\drivers\vrtaucbl.sys
2013-05-10 20:06 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-23 21:20 . 2013-02-23 21:20        581120        ----a-w-        c:\program files (x86)\ShutDownTimer.exe
2012-12-23 15:01 . 2013-02-01 15:18        84        ----a-w-        c:\program files (x86)\update-flatout2.bat
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59        269824        ----a-w-        c:\users\niilowski\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2011-05-25 14:55        2046864        ----a-w-        c:\program files (x86)\Bandoo\Plugins\IE\ieplugin.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 10:31        222808        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 10:31        222808        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 10:31        222808        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\niilowski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-08 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ttesports"="c:\program files (x86)\Ttesports\ShockONE\ShockTray.exe" [2010-05-20 2506240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-03-21 103896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-24 345144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 FreemiumSelfUpdateService;Freemium Self Update Service;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R4 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
R4 SelfUpdateService;Self Update Service;c:\program files (x86)\Freetec\SystemStore\SelfUpdate.exe  -displayname Self Update Service -servicename SelfUpdateService;c:\program files (x86)\Freetec\SystemStore\SelfUpdate.exe  -displayname Self Update Service -servicename SelfUpdateService [x]
R4 StumbleUponUpdater;StumbleUpon Updater;c:\users\niilowski\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe;c:\users\niilowski\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 14:49]
.
2013-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001Core.job
- c:\users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 12:03]
.
2013-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2806026202-95748070-3344758458-1001UA.job
- c:\users\niilowski\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 12:03]
.
2013-07-21 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\PC Beschleunigen\PCSUSD.exe [2012-08-03 12:56]
.
2013-07-23 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-08-26 05:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 10:31        261704        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 10:31        261704        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 10:31        261704        ----a-w-        c:\users\niilowski\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzyzyzyyDzzyCyB0CyByC0BtN0D0Tzu0CtBtCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=103564449
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\niilowski\AppData\Roaming\Mozilla\Firefox\Profiles\t2nzut4m.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WI3C8A~1\ToolBar\searchqudtx.dll
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-{f4f99c6d-f390-4fbc-858b-1541f9113fd8} - c:\program files (x86)\blekkotb_001\blekkotb_019X.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WI3C8A~1\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - c:\users\niilowski\AppData\Roaming\toolplugin\toolbar.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Toolbar-{f4f99c6d-f390-4fbc-858b-1541f9113fd8} - c:\program files (x86)\blekkotb_001\blekkotb_019X.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-KNOWHOW(TM) APP CENTRE 25501 - c:\program files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\run_uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-23  21:10:12
ComboFix-quarantined-files.txt  2013-07-23 19:10
.
Vor Suchlauf: 13 Verzeichnis(se), 40.250.961.920 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 39.979.655.168 Bytes frei
.
- - End Of File - - B1AEED3E98F643F06E7DF0E4E32D5E1B
D41D8CD98F00B204E9800998ECF8427E

schrauber 23.07.2013 21:04
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

veetex 23.07.2013 21:15
yolo trojaner ist wech, hab eben nen kumpel rüberschauen lassen, er ist da spezialisiert :D naja trotzdem danke

schrauber 23.07.2013 21:19
Zitat:
er ist da spezialisiert
Is klar. Es gibt ca 250 wirklich qualifizierte weltweit, und ich kenn jeden davon ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27