Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: Problem mit TR/Graftor 149114 (https://www.trojaner-board.de/162645-windows-7-problem-tr-graftor-149114-a.html)

Asator 10.01.2015 19:38
Windows 7: Problem mit TR/Graftor 149114
 
Sehr geehrte Torjaner-Board Gemeinde,
jetzt brauche ich schon zum zweiten Mal eure Hilfe.

Kurze Beschreibung des Problems:

Bei jedem PC-Start meldet mein Avira Antivirus einen TR/Graftor. 149114, dabei hilft das Entfernen der Datei nicht vor einer neuer Infizierung beim neuen PC-Start.

Ich habe bereits den Avira Antivir, Malware Bytes und den ESET Online Scanner benutzt. Dabei entdeckten die Programme eine Masse von Trojanern etc., das "eigentliche" Problem wurde aber nicht gelöst.

Im Anhang finden sie alle benötigten Logfiles.

P.S. Nachdem ich die Logfiles erstellt habe und den PC neugestartet habe, hat mein Antivir plötzlich eine neue Datei erkannt ohne die alte zu finden.

Jetzt ist es ein "TR/Dldr. Agent. 183838." im neuen Ordnerverzeichnis.

Ich wäre für Ihre Hilfe sehr Dankbar und bin bereit Ihren Anweisungen zu folgen.

Mit freundlichen Grüssen,
Asator

schrauber 10.01.2015 20:15
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Asator 10.01.2015 20:30
Vielen Dank für die Antwort!
Wird gemacht:

Additional:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Vladimir at 2015-01-10 13:01:18
Running from C:\Users\Vladimir\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVRStudio4 (x32 Version: 4.15.623 - Atmel) Hidden
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis WARHEAD(R) (HKLM\...\{7353BAE6-5E49-46C4-A9B5-8A269A313789}) (Version: 1.0 - Crytek)
Crysis WARHEAD(R) (HKLM\...\Crysis WARHEAD(R)) (Version:  - Electronic Arts)
Crysis WARHEAD(R) (HKLM-x32\...\{7353BAE6-5E49-46C4-A9B5-8A269A313789}) (Version: 1.0 - Crytek)
Crysis WARHEAD(R) (HKLM-x32\...\Crysis WARHEAD(R)) (Version:  - Electronic Arts)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic German Language Pack for Visual Studio 2008 (HKLM-x32\...\{3924C3E7-C440-4B23-9740-9A9EC0545F21}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (HKLM\...\{1D5F34D0-6329-4D92-B81A-E24E9028910C}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
cv act sc/interface - Admin Edition (64-Bit) (HKLM\...\{05A84E0B-67C4-4ACA-8CAD-F62673D4C194}) (Version: 6.0.15 - cv cryptovision GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EAGLE 5.3.0 (HKLM-x32\...\EAGLE 5.3.0) (Version: 5.3.0 - CadSoft Computer GmbH)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fallout 3 (HKLM\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.21.1212 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
GTA IV Vehicle Mod Installer v1.5 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.5_is1) (Version:  - MobileD2)
Guitar Pro 5.1 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hoffmans Lotto-Experte V3.12 (HKLM-x32\...\Hoffmanns Lotto-Experte_is1) (Version:  - Hoffmann Software - Eppendorf)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB971091) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB973674) (Version: 1 - Microsoft Corporation)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IsoBuster 2.8 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8 - Smart Projects)
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Jove's Mod Pack 0.9.0 version 11.0 (4/15/2014) (HKLM-x32\...\{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1) (Version: 11.0 (4/15/2014) - )
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.3.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mathcad 14.0 M020 (HKLM-x32\...\{8796E14E-2031-463F-8A9A-31062B2652B4}) (Version: 14.0.2.0 - PTC)
Mathcad 14.0 M020 Help (HKLM-x32\...\{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}) (Version: 14.0.2.0 - Ihr Firmenname)
Mathcad 14.0 M020 Resource Center (HKLM-x32\...\{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}) (Version: 14.0.2.0 - Ihr Firmenname)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{B1060346-9388-4C5B-AA52-176C39819E43}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (HKLM\...\{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Document Explorer 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices DEU (HKLM-x32\...\{1C3ADB5F-750E-4453-AC98-B75C5323845C}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - DEU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{AC888A60-9557-3B74-B52B-F353D01BD544}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 3.0.0 (HKLM-x32\...\Afterburner) (Version: 3.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{965ef942-36c2-4f92-b60f-c75cd1dcde2f}) (Version:  - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Architect (HKLM-x32\...\{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}) (Version: 1.0.41.8362 - pdfforge)
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PSpice Student 9.1 (HKLM-x32\...\PSpice Student) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QIP 2010 10.10.12.4240 (HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\QIP 2010) (Version: 10.10.12.4240 - )
QIP Infium 2.0.9034 (HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\QIP Infium) (Version: 2.0.9034 - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Risen 3 - Titan Lords (HKLM-x32\...\Risen 3 - Titan Lords_is1) (Version:  - Deep Silver)
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
SCR3xxx Smart Card Reader (HKLM-x32\...\{6DA99C69-0799-467E-9496-F37E1E452A4A}) (Version: 8.40 - SCM Microsystems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartCopy (HKLM-x32\...\{B7BD291B-D415-4484-89A4-82077504BE93}_is1) (Version:  - Northstar Systems Corp.)
SmartLauncher (HKLM-x32\...\{57634571-FD82-4BEC-B822-A1ED7765474F}_is1) (Version:  - Northstar Systems Corp.)
Solid Edge ST5 (HKLM\...\{6350353B-BE44-4E86-9B3F-CE2C77BDFAEC}) (Version: 105.00.00102 - Siemens)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TouchChip USB Driver 2.20 (Version: 2.20.0.0196 - AuthenTec Inc.) Hidden
Touchstone Installer (x32 Version: 1.00.000 - Touchstone) Hidden
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Überwachungstool für die Intel® Turbo-Boost-Technologie (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
UGS NX 7.5 (HKLM-x32\...\{66BE05E7-4FA4-49C7-9BF4-44A522DEE57B}) (Version: 7.5.0.32 - UGS)
UGSLicensing (HKLM-x32\...\{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}) (Version: 4.0.0 - UGS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (HKLM-x32\...\{445174EA-3D3A-308E-84AD-446127E71441}.KB972221) (Version: 1 - Microsoft Corporation)
USBtiny500 v0.1 (HKLM-x32\...\USBtiny500_is1) (Version:  - )
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{ACD875CC-A146-3125-8F99-D3766F46FD86}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
VKMusic 4 (HKLM-x32\...\VKMusic 4_is1) (Version: 4.62 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.6.1 - Shark007)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{DA7F48EF-5F56-45FE-9169-3B8159A7A323}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZSMC USB PC Camera (ZS0211) (HKLM-x32\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.07.05 - ZSMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2921061897-715250580-3416074679-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

18-12-2014 03:00:14 Windows Update
25-12-2014 12:31:32 Geplanter Prüfpunkt
09-01-2015 03:49:19 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-07-09 19:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06E9E636-B628-4720-9117-A132C2885629} - System32\Tasks\{4846DC04-34BC-4C2A-A348-767E108F7763} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {09D8D36E-880C-4681-82CC-5BFDFD6BC738} - System32\Tasks\{4C4FC05B-30C4-4D3A-9F0F-907CE01532ED} => pcalua.exe -a "D:\PC Sicherheit\HiJackThis204.exe" -d "D:\PC Sicherheit"
Task: {165AA4E2-F02F-4E44-A9F8-AD0A15F8DB3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {307A366C-37FA-49BD-BE93-16C87A9EB931} - System32\Tasks\{C1D917D2-77A7-4867-A093-1953D106C3EA} => C:\Games\Worms Forts Under Siege\WF.exe
Task: {360A29C8-6113-4639-81E3-F40FFCE7A8D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3C344965-4200-4C08-B172-3CAEDACDFF44} - System32\Tasks\{F38EED2C-111D-467D-B23E-62D5F21744E8} => D:\Games\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
Task: {49C93DE9-25E4-44BE-A461-DE517DA5887A} - System32\Tasks\{85632E55-8981-4E8E-8EF4-F80ADC63FE69} => pcalua.exe -a C:\Users\Vladimir\Downloads\epson324680eu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5339F8BA-FD81-42C8-865F-2EADA0BA4D89} - System32\Tasks\{132D18C9-DE90-435D-ABBD-A98211AD5032} => pcalua.exe -a "D:\Eigene Dateien\PC Sicherheit, Einrichtung\HiJackThis204.exe" -d "D:\Eigene Dateien\PC Sicherheit, Einrichtung"
Task: {5B6F8062-A0CF-4FB2-9E28-0EE7D9E0C21C} - System32\Tasks\{1087EA07-FBA7-4386-AF75-F4E660CA44F1} => C:\Games\Worms Forts Under Siege\WF.exe
Task: {6D35DBC2-054F-4AD8-82C8-1CB2B1586433} - System32\Tasks\{32C454F7-EAF9-4462-985A-BC1362BFB2D5} => pcalua.exe -a "C:\PROGRA~2\Êàçàêè - Ïîñëåäíèé Äîâîä Êîðîëåé\UNWISE.EXE" -c C:\PROGRA~2\Êàçàêè - Ïîñëåäíèé Äîâîä Êîðîëåé\INSTALL.LOG
Task: {776D0EE2-1BD9-4061-A395-2A1B3FB28179} - System32\Tasks\{604C3558-9D01-4EED-A4DC-571040F60CB9} => pcalua.exe -a L:\Support\GameLauncher\UbisoftGameLauncherInstaller.exe -d L:\Support\GameLauncher
Task: {7B484208-6A63-4458-8B52-B9D41436D3CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {7EFB8BAC-1E21-48CA-9F91-A2C5C26934AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core => C:\Users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {83744018-4231-4C4E-9B93-E746003CEB28} - System32\Tasks\AdobeAAMUpdater-1.0-Vladimir-PC-Vladimir => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {86C7F25A-3858-4EC3-831B-1354AC1D9F94} - System32\Tasks\{AF213385-E27A-4F8F-AE58-BB8F8495E93E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {A14D2CF1-21AE-48FE-986A-798EE85243DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AAF9F12E-F61D-483D-AE13-6CCCE1055E83} - System32\Tasks\{D1B73B00-C294-42D0-89E2-413715A3ED09} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe" -c -runfromtemp -l0x0409
Task: {AB2BF20D-12AF-4594-B920-7CB517A06B75} - System32\Tasks\{E761D291-A1CE-4E91-A062-317E70166D6B} => pcalua.exe -a "C:\Games\Medieval Lords\unins000.exe"
Task: {B438ECF2-F408-4362-BC35-A3679E5DEB63} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA => C:\Users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {BE187D93-54A6-4BA6-AFD2-EC36C29A2DF3} - System32\Tasks\{1B190C84-77B2-4DC6-B6FE-CF44C842BCB1} => pcalua.exe -a "D:\Games\The Battle for Middle-earth (tm) II\eauninstall.exe" -d "D:\Games\The Battle for Middle-earth (tm) II"
Task: {C75F9DBC-030B-4F41-9A7C-91A4B528A111} - System32\Tasks\{2634C6AD-5EE4-46A5-AEA2-376B36F4D30F} => pcalua.exe -a "C:\Program Files\DAEMON Tools Pro\uninst.exe" -d "C:\Program Files\DAEMON Tools Pro"
Task: {CD810C14-1613-49E0-9957-FCAD6F3731C9} - System32\Tasks\{274856B8-8D0F-41DE-B74F-AE8010AE2457} => pcalua.exe -a "C:\Games\Wilhelm Tell Game\uninstall.exe" -d "C:\Games\Wilhelm Tell Game"
Task: {D5701C97-17A2-42EF-94DC-A8BC2E6E59B6} - System32\Tasks\{322D7AD0-60BC-4B76-9FED-C4C7677B79C3} => pcalua.exe -a C:\Users\Vladimir\Downloads\RegCleaner.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {DD9955E4-F972-4060-AF43-429C0F4E4227} - System32\Tasks\{68BEE561-36DC-44D5-B3C5-CB4DDC73CF07} => pcalua.exe -a C:\Users\Vladimir\Downloads\epson324678eu.exe -d C:\Users\Vladimir\Downloads
Task: {E1B0CB64-6AC3-4139-A407-A70322D39F70} - System32\Tasks\{790AB2CC-9E47-492A-8406-5A13611BC1E5} => pcalua.exe -a E:\Driver\Setup.exe -d E:\Driver
Task: {E682EFF2-7441-4B69-A157-902CCE6F68FC} - System32\Tasks\{5BC80E73-8D08-4430-A019-A256F340BCAD} => D:\Games\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
Task: {EEA0128A-A977-42DB-8A58-36F3556528BE} - System32\Tasks\{917103B2-A58B-42CA-AF13-3F1FEDD32FC8} => pcalua.exe -a "D:\Games\Grand Theft Auto - Vice City\UNWISE.EXE" -c D:\Games\Grand Theft Auto - Vice City\INSTALL.LOG
Task: {F46647C5-28E1-4ECA-809B-0A30AEE7A47E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F92E7CD9-A2A7-4A4F-A88A-EDF91FE56425} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core.job => C:\Users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA.job => C:\Users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-17 23:06 - 2005-06-07 12:26 - 00043008 _____ () C:\Programme\WinRAR\rarext64.dll
2010-02-19 19:40 - 2009-01-07 12:08 - 00319488 _____ () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2010-08-01 20:40 - 2014-06-28 05:40 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-12-14 03:19 - 2009-12-09 10:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2009-12-11 13:00 - 2010-05-11 22:55 - 00643072 _____ () C:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2011-01-13 02:55 - 2011-01-13 02:55 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2011-01-13 02:57 - 2011-01-13 02:57 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 07:43 - 2012-01-18 07:43 - 00183320 _____ () C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-05-14 17:45 - 2014-05-14 17:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-12-13 01:33 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 01:33 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 01:33 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 01:33 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2921061897-715250580-3416074679-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2921061897-715250580-3416074679-1005 - Limited - Enabled)
Gast (S-1-5-21-2921061897-715250580-3416074679-501 - Limited - Disabled)
Vladimir (S-1-5-21-2921061897-715250580-3416074679-1000 - Administrator - Enabled) => C:\Users\Vladimir

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 00:50:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/29/2014 03:43:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d
Name des fehlerhaften Moduls: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004c9c6c
ID des fehlerhaften Prozesses: 0x9e4
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/29/2014 10:31:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/10/2015 00:53:49 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 25.2.33.12192.168.137.0255.255.255.0

Error: (01/10/2015 00:53:49 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (01/10/2015 00:53:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (01/10/2015 00:52:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Virtual keyboard 32-bit service" wurde mit folgendem Fehler beendet:
%%2

Error: (01/10/2015 00:52:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IOPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (01/10/2015 00:52:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\DRIVERS\IOPORT.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/10/2015 00:52:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "3D Graphic adapter for video card" wurde mit folgendem Fehler beendet:
%%2

Error: (01/10/2015 00:23:53 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 25.2.33.12192.168.137.0255.255.255.0

Error: (01/10/2015 00:23:53 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (01/10/2015 00:23:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE


Microsoft Office Sessions:
=========================
Error: (01/10/2015 00:50:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Vladimir\Downloads\esetsmartinstaller_deu.exe

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (01/09/2015 03:44:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (12/29/2014 03:43:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.18.0.10653d13f6dSkype.exe6.18.0.10653d13f6dc0000005004c9c6c9e401d02371cc8ec0aaC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe085e834e-8f69-11e4-8d7e-90fba6496df4

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (12/29/2014 10:31:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (12/29/2014 10:31:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe


CodeIntegrity Errors:
===================================
  Date: 2014-12-14 09:03:01.336
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ipnat.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-09 20:14:54.454
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-09 20:14:54.342
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:39.539
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:39.447
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:39.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:38.921
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:38.843
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:38.770
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-28 09:35:31.919
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\http.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 4055.06 MB
Available physical RAM: 2148.98 MB
Total Pagefile: 8108.3 MB
Available Pagefile: 4780.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.45 GB) (Free:241.48 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.96 GB) (Free:146.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9F97D0CA)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Vladimir (administrator) on VLADIMIR-PC on 10-01-2015 13:00:11
Running from C:\Users\Vladimir\Desktop
Loaded Profile: Vladimir (Available profiles: Vladimir)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(cv cryptovision GmbH) C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(ZSMCSNAP) C:\Windows\ZSSnp211.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acresso Software Inc.) C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Acresso Software Inc.) C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vladimir\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [BigDogPath] => C:\Windows\ZSSnp211.exe [57344 2007-04-06] (ZSMCSNAP)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Google Update] => C:\Users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-09] (Google Inc.)
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk
ShortcutTarget: SmartCopy.lnk -> C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
ShortcutTarget: SmartLauncher.lnk -> C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=49&clid=48577
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=931045&text={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> Yandex URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> yandex.ru-133725 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
BHO: APIHelperBHO -> {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> C:\Users\Vladimir\AppData\Local\Microsoft\Internet Explorer\Extensions\APIHelper_64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: APIHelperBHO -> {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> C:\Users\Vladimir\AppData\Local\Microsoft\Internet Explorer\Extensions\APIHelper.dll ()
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: APIHelper - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\Extensions\{2A4702A6-63E6-46E4-BEF3-E2769B6774A0} [2014-05-22]
FF Extension: Who stole my pictures? - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\Extensions\images@wink.su.xpi [2014-07-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-10]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (APIHelper) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdigkpjbmbdepgpkjeabfghlchdmphke [2014-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (Adobe Flash Player) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nifhnnbiicacappckiefpdmmdjbamgfe [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [nifhnnbiicacappckiefpdmmdjbamgfe] - C:\Users\Vladimir\AppData\Local\Google\Chrome\Extensions\nifhnnbiicacappckiefpdmmdjbamgfe\afp.crx [2013-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-20] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 d3dadapter; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 d3dadapter; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) [File not signed]
R2 ir16_32; C:\Windows\SysWOW64\ir16_32.dll [522783 2010-11-20] () [File not signed]
S2 KBDMAI; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 KBDMAI; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-06-18] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-08] (Electronic Arts)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 UGS License Server (ugslmd); C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe [1510152 2009-07-07] (Acresso Software Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 wlanmgr; C:\Windows\SysWOW64\wlanmgr.dll [343571 2014-03-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-03-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S2 IOPort; C:\Windows\SysWOW64\DRIVERS\IOPORT.SYS [6144 2001-03-01] (Erik Salaj) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-03-25] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-05-19] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-17] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vvftav211; C:\Windows\System32\drivers\vvftav211.sys [308224 2007-12-10] (Vimicro Corporation)
S3 ZSMC30x; C:\Windows\System32\Drivers\ZS211.sys [1491712 2007-12-13] (ZSMC.Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: KBDMAI -> No ServiceDLL Path.
NETSVCx32: ir16_32 -> C:\Windows\SysWOW64\ir16_32.dll ()
NETSVCx32: d3dadapter -> No ServiceDLL Path.
NETSVCx32: wlanmgr -> C:\Windows\SysWOW64\wlanmgr.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 13:00 - 2015-01-10 13:00 - 00025478 _____ () C:\Users\Vladimir\Desktop\FRST.txt
2015-01-10 13:00 - 2015-01-10 13:00 - 00000000 ____D () C:\FRST
2015-01-10 12:58 - 2015-01-10 12:58 - 02124288 _____ (Farbar) C:\Users\Vladimir\Desktop\FRST64.exe
2015-01-10 12:58 - 2015-01-10 12:58 - 00380416 _____ () C:\Users\Vladimir\Desktop\geh1eqn3.exe
2015-01-10 12:53 - 2015-01-10 12:53 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Torch
2015-01-10 12:53 - 2015-01-10 12:53 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Orbitum
2015-01-10 12:51 - 2015-01-10 12:51 - 00000658 _____ () C:\Users\Vladimir\Desktop\defogger_disable.log
2015-01-10 12:51 - 2015-01-10 12:51 - 00000188 _____ () C:\Users\Vladimir\defogger_reenable
2015-01-10 12:50 - 2015-01-10 12:50 - 00050477 _____ () C:\Users\Vladimir\Desktop\Defogger.exe
2015-01-10 12:44 - 2015-01-10 12:44 - 00638888 _____ (Oracle Corporation) C:\Users\Vladimir\Downloads\chromeinstall-8u25.exe
2015-01-10 12:30 - 2015-01-10 12:30 - 00000000 __SHD () C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
2014-12-28 23:38 - 2014-12-28 23:38 - 00000662 _____ () C:\Users\Vladimir\Desktop\foto prag - Verknüpfung.lnk
2014-12-28 12:52 - 2014-12-28 12:52 - 02347384 _____ (ESET) C:\Users\Vladimir\Downloads\esetsmartinstaller_deu.exe
2014-12-28 12:28 - 2014-12-28 12:40 - 00000000 ____D () C:\AdwCleaner
2014-12-28 12:25 - 2014-12-28 12:25 - 02173952 _____ () C:\Users\Vladimir\Desktop\AdwCleaner_4.106.exe
2014-12-27 17:35 - 2014-12-27 17:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 07:25 - 2014-12-24 07:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 22:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 19:41 - 2014-12-15 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 19:41 - 2014-12-15 19:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-13 13:34 - 2014-12-13 16:44 - 00000000 ____D () C:\Users\Vladimir\Desktop\Bewebung 2014
2014-12-11 20:10 - 2014-12-11 20:10 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 13:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 13:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 12:37 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 12:37 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 12:37 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 12:37 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 12:37 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 12:37 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 12:37 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 12:37 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 12:37 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 12:37 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 12:37 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 12:37 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 12:37 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 12:37 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 12:37 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 12:37 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 12:37 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 12:37 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 12:37 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 12:37 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 12:37 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 12:37 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 12:37 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 12:37 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 12:37 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 12:37 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 12:37 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 12:37 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 12:37 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 12:37 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 12:37 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 12:37 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 12:37 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 12:37 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 12:37 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 12:37 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 12:37 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 12:37 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 12:37 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 12:37 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 12:37 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 12:37 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 12:37 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 12:37 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 12:37 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 12:37 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 12:37 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 12:37 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 12:37 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 12:37 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 12:37 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 12:37 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 12:37 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 12:37 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 12:37 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 12:37 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 12:37 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 12:37 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 12:37 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 12:37 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 12:36 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 12:36 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 12:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 12:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 12:36 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 12:36 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 12:36 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 12:36 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 12:36 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 12:36 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 12:36 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 12:36 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 12:36 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 12:36 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 12:57 - 2010-02-19 19:13 - 01665154 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 12:55 - 2010-11-21 19:10 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Skype
2015-01-10 12:54 - 2013-06-29 09:09 - 00131186 _____ () C:\Windows\SysWOW64\ir16_32.dat
2015-01-10 12:53 - 2012-08-30 10:12 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-10 12:53 - 2011-08-18 18:12 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\LogMeIn Hamachi
2015-01-10 12:52 - 2014-06-13 06:53 - 00022859 _____ () C:\Windows\setupact.log
2015-01-10 12:52 - 2012-04-04 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 12:52 - 2010-03-17 21:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 12:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 12:51 - 2010-03-17 20:56 - 00000000 ____D () C:\Users\Vladimir
2015-01-10 12:48 - 2014-05-30 16:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-10 12:45 - 2014-04-22 17:38 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 12:45 - 2014-04-22 17:37 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-10 12:45 - 2014-04-22 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-10 12:45 - 2010-05-18 08:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-10 12:38 - 2009-11-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2015-01-10 12:37 - 2010-03-17 21:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 12:36 - 2009-11-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-10 12:31 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:31 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 12:30 - 2014-08-21 22:37 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Adobe
2015-01-10 12:30 - 2013-07-09 22:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA.job
2015-01-10 12:30 - 2010-03-17 21:56 - 00000000 ____D () C:\Users\Vladimir\Desktop\Games
2015-01-10 12:29 - 2012-04-04 11:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-10 12:29 - 2012-04-04 11:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 12:29 - 2011-05-19 17:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 11:30 - 2013-07-09 22:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core.job
2015-01-08 20:36 - 2014-08-21 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 17:05 - 2013-08-16 13:09 - 00000000 ____D () C:\ProgramData\Origin
2015-01-08 17:03 - 2013-08-16 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-08 17:03 - 2013-08-16 13:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-28 12:43 - 2014-08-12 09:27 - 00004456 _____ () C:\Windows\PFRO.log
2014-12-27 18:03 - 2011-07-13 15:28 - 00000000 __SHD () C:\Windows\ei_temp
2014-12-27 17:35 - 2014-08-21 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 17:35 - 2014-08-21 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 20:30 - 2010-02-17 16:00 - 00770442 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 20:30 - 2010-02-17 16:00 - 00179494 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 20:30 - 2009-07-14 06:13 - 01807692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 15:33 - 2010-02-19 19:38 - 00002569 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-12-12 12:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 20:10 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 20:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 20:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 13:23 - 2009-11-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 12:29 - 2014-06-02 11:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-11 12:28 - 2014-11-19 10:33 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-11 12:28 - 2013-08-05 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-11 12:28 - 2013-08-05 23:58 - 00000000 ____D () C:\Program Files (x86)\Avira

Some content of TEMP:
====================
C:\Users\Vladimir\AppData\Local\Temp\avgnt.exe
C:\Users\Vladimir\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Vladimir\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3qbvi8.dll
C:\Users\Vladimir\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Vladimir\AppData\Local\Temp\Quarantine.exe
C:\Users\Vladimir\AppData\Local\Temp\sender.exe
C:\Users\Vladimir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Vladimir\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 03:42

==================== End Of Log ============================
--- --- ---

--- --- ---

Asator 10.01.2015 20:30
2ter Teil:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:51 on 10/01/2015 (Vladimir)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Gmer:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-10 19:03:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: geh1eqn3.exe; Driver: C:\Users\Vladimir\AppData\Local\Temp\axldqkob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                fffff800033b5000 47 bytes [65, 4C, 8B, 24, 25, 20, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576                                                                                                                                fffff800033b5030 7 bytes [89, 36, F0, 44, 21, 2B, C6]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                      0000000076421401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                        0000000076421419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                      0000000076421431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                      000000007642144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                * 9
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                        00000000764214dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                  00000000764214f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                        000000007642150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                  0000000076421525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                        000000007642153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                            0000000076421555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                      000000007642156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                        0000000076421585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                          000000007642159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                        00000000764215b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                      00000000764215cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                  00000000764216b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\svchost.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                  00000000764216bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll
?        C:\Windows\system32\mssprxy.dll [2016] entry point in ".rdata" section                                                                                                                            000000005f8e71e6
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                                  00000000746917fa 2 bytes CALL 76a811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                              0000000074691860 2 bytes CALL 76a811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                            0000000074691942 2 bytes JMP 76087089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                            000000007469194d 2 bytes JMP 7608cba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                    0000000076421401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                      0000000076421419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                    0000000076421431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                    000000007642144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                * 9
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                        00000000764214dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                00000000764214f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                        000000007642150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                0000000076421525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                      000000007642153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                            0000000076421555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                    000000007642156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                      0000000076421585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                          000000007642159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                      00000000764215b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                    00000000764215cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                00000000764216b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                00000000764216bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                    0000000076421401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                      0000000076421419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                    0000000076421431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                    000000007642144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                * 9
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                      00000000764214dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                00000000764214f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                      000000007642150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                0000000076421525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                      000000007642153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                          0000000076421555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                    000000007642156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                      0000000076421585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                        000000007642159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                      00000000764215b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                    00000000764215cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                00000000764216b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                00000000764216bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000076421401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000076421419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000076421431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007642144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                * 9
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            00000000764214dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000764214f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            000000007642150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000076421525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007642153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000076421555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007642156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000076421585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              000000007642159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000764215b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000764215cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000764216b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000764216bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076421401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076421419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076421431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      000000007642144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          00000000764214dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  00000000764214f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          000000007642150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076421525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        000000007642153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000076421555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      000000007642156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076421585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            000000007642159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        00000000764215b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      00000000764215cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  00000000764216b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  00000000764216bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2712]                                                                                                            00000000778f2e65
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2112]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1764]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2312]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2208]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2192]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2188]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2352]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2348]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2356]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1664]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1660]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1656]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2364]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1744]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1740]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:2368]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1704]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:1720]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:3544]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:3640]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:3644]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4704]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4712]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4724]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4968]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4972]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5008]                                                                                                            00000000778f3e85
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5012]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5024]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6040]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6044]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6048]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6052]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6056]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6060]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6064]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:6068]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:4852]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5128]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:288]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5892]                                                                                                            00000000718a29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2672:5888]                                                                                                            00000000778f3e85
---- Processes - GMER 2.1 ----

Library  C:\Programme\WinRAR\rarext64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1768](2010-03-17 22:06:36)                                                                                        000000001c000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                            0x90 0xBA 0x95 0x8A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                0xD4 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                            0x57 0x7D 0x54 0x47 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                      0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                    0x2A 0x09 0xCB 0xC9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                              0xAF 0xB5 0xBC 0xDB ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                              0x2C 0xDB 0xF0 0x0D ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                              0xF6 0x7C 0xD6 0x60 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                              0x6C 0xF1 0x31 0xAC ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                0x90 0xBA 0x95 0x8A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                    0xD4 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                0x57 0x7D 0x54 0x47 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                          0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                        0x2A 0x09 0xCB 0xC9 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                  0xAF 0xB5 0xBC 0xDB ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                  0x2C 0xDB 0xF0 0x0D ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                  0xF6 0x7C 0xD6 0x60 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                                  0x6C 0xF1 0x31 0xAC ...
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Vladimir\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----

schrauber 10.01.2015 20:38
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Asator 10.01.2015 21:49
fertig
Code:
ComboFix 15-01-08.01 - Vladimir 10.01.2015  20:56:08.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4055.2531 [GMT 1:00]
ausgeführt von:: c:\users\Vladimir\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vladimir\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\wlanmgr.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-10 bis 2015-01-10  ))))))))))))))))))))))))))))))
.
.
2015-01-10 20:07 . 2015-01-10 20:07        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-01-10 20:07 . 2015-01-10 20:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-10 12:00 . 2015-01-10 12:02        --------        d-----w-        C:\FRST
2015-01-10 11:53 . 2015-01-10 11:53        --------        d-----w-        c:\users\Vladimir\AppData\Local\Torch
2015-01-10 11:53 . 2015-01-10 11:53        --------        d-----w-        c:\users\Vladimir\AppData\Local\Orbitum
2015-01-10 11:46 . 2015-01-10 11:46        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-01-10 11:30 . 2015-01-10 11:30        --------        d-sh--w-        c:\users\Vladimir\AppData\Local\EmieBrowserModeList
2014-12-28 11:28 . 2014-12-28 11:40        --------        d-----w-        C:\AdwCleaner
2014-12-17 21:38 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-17 21:38 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-15 18:41 . 2014-12-15 18:41        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-10 11:45 . 2014-04-22 16:37        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-10 11:29 . 2012-04-04 10:16        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-10 11:29 . 2011-05-19 16:11        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-08 19:36 . 2014-08-21 21:12        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 20:04 . 2014-04-29 09:05        3981488        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 02:50 . 2014-12-11 11:37        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 11:37        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 11:37        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 11:37        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 11:37        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 11:37        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 11:37        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 11:37        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 11:37        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 11:37        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 11:37        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 11:37        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 11:37        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 11:37        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 11:37        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 11:37        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 11:37        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 11:37        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 11:37        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 11:37        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 11:37        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 11:37        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 11:37        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 11:37        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 11:37        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 11:37        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 11:37        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 11:37        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 11:37        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 11:37        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 11:37        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 11:37        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 11:37        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 11:37        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 11:37        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 11:37        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 11:37        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 11:37        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 11:37        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 11:37        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 11:37        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 11:37        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 11:37        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 11:37        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 11:37        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 11:37        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 11:37        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 11:37        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-21 21:12        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-21 21:12        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2012-09-27 06:57        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 11:37        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 20:10        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 20:11        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 11:37        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 20:10        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 20:10        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 11:37        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 11:36        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 11:36        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 11:36        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 11:36        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 18:43        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 18:43        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 18:43        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 12:20        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 18:43        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 12:20        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 18:44        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 18:44        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 18:43        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 18:44        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 18:44        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 18:44        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 18:44        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 18:43        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 18:44        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 18:44        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 18:44        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2011-11-07 16:02 . 2011-11-07 16:02        543000        ----a-w-        c:\program files\TunaticSetup.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-02-19 162856]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
cv act sc interface RegisterTool.lnk - c:\program files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe [2013-12-18 9552384]
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-2-19 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-2-19 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d3dadapter;3D Graphic adapter for video card;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 IOPort;IOPort;c:\windows\system32\DRIVERS\IOPORT.SYS;c:\windows\SYSNATIVE\DRIVERS\IOPORT.SYS [x]
R2 KBDMAI;Virtual keyboard 32-bit service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 wlanmgr;Wireless Manager;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys;c:\windows\SYSNATIVE\drivers\vvftav211.sys [x]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys;c:\windows\SYSNATIVE\Drivers\ZS211.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 ir16_32;Intel Indeo(N) service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UGS License Server (ugslmd);UGS-Lizenzserver (ugslmd);c:\program files (x86)\UGS\UGSLicensing\lmgrd.exe;c:\program files (x86)\UGS\UGSLicensing\lmgrd.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
KBDMAI
ir16_32
d3dadapter
wlanmgr
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:29]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 01:10]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 01:10]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core.job
- c:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09 21:21]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA.job
- c:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yandex.ru/?win=49&clid=48577
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &??????? ? Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - d:\games\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-GTA IV Vehicle Mod Installer v1.5_is1 - d:\games\GTA 4 Mods\v1.5\unins000.exe
AddRemove-{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1 - d:\games\World_of_Tanks\unins001.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2921061897-715250580-3416074679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0d,93,4e,66,33,db,27,79,3e,ba,e6,16,c5,75,2c,d1,b6,c1,6a,2d,6d,9a,e8,
  ab,9f,a2,7a,33,98,b3,22,41,bb,e6,4b,6d,14,a0,aa,5e,31,69,5b,1c,74,69,ba,6c,\
"??"=hex:56,1b,0f,dc,29,18,f7,c7,b9,ae,a1,c8,ff,45,e4,24
.
[HKEY_USERS\S-1-5-21-2921061897-715250580-3416074679-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,06,fc,1c,46,c2,cd,5d,43,46,2b,63,1a,5b,19,0d,cd,f8,59,06,c0,
  67,31,e1,13,9b,51,3e,19,08,90,cb,56,67,92,c1,02,2a,cd,54,40,f8,60,81,5f,11,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\UGS\UGSLicensing\ugslmd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-10  21:18:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-10 20:18
.
Vor Suchlauf: 29 Verzeichnis(se), 259.531.186.176 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 259.309.064.192 Bytes frei
.
- - End Of File - - E6ADFCE2C44FAE6607DA49D2AC21AFD3
A36C5E4F47E84449FF07ED3517B43A31
Oh, habe grade gemerkt dass man während Combofix arbeitet, nicht am PC arbeiten sollte. Habs aber beim ersten Mal gemacht (zumindest versucht...)

Von daher habe ich es noch mal laufen lassen, vorsichtshalber:

Code:
ComboFix 15-01-08.01 - Vladimir 10.01.2015  21:25:36.2.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4055.2645 [GMT 1:00]
ausgeführt von:: c:\users\Vladimir\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-10 bis 2015-01-10  ))))))))))))))))))))))))))))))
.
.
2015-01-10 20:35 . 2015-01-10 20:35        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-01-10 20:35 . 2015-01-10 20:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-10 12:00 . 2015-01-10 12:02        --------        d-----w-        C:\FRST
2015-01-10 11:53 . 2015-01-10 11:53        --------        d-----w-        c:\users\Vladimir\AppData\Local\Torch
2015-01-10 11:53 . 2015-01-10 11:53        --------        d-----w-        c:\users\Vladimir\AppData\Local\Orbitum
2015-01-10 11:46 . 2015-01-10 11:46        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-01-10 11:30 . 2015-01-10 11:30        --------        d-sh--w-        c:\users\Vladimir\AppData\Local\EmieBrowserModeList
2014-12-28 11:28 . 2014-12-28 11:40        --------        d-----w-        C:\AdwCleaner
2014-12-17 21:38 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-17 21:38 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-15 18:41 . 2014-12-15 18:41        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-10 11:45 . 2014-04-22 16:37        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-10 11:29 . 2012-04-04 10:16        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-10 11:29 . 2011-05-19 16:11        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-08 19:36 . 2014-08-21 21:12        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 20:04 . 2014-04-29 09:05        3981488        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 02:50 . 2014-12-11 11:37        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 11:37        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 11:37        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 11:37        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 11:37        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 11:37        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 11:37        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 11:37        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 11:37        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 11:37        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 11:37        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 11:37        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 11:37        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 11:37        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 11:37        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 11:37        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 11:37        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 11:37        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 11:37        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 11:37        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 11:37        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 11:37        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 11:37        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 11:37        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 11:37        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 11:37        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 11:37        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 11:37        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 11:37        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 11:37        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 11:37        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 11:37        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 11:37        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 11:37        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 11:37        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 11:37        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 11:37        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 11:37        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 11:37        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 11:37        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 11:37        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 11:37        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 11:37        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 11:37        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 11:37        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 11:37        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 11:37        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 11:37        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-21 21:12        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-21 21:12        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2012-09-27 06:57        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-11 11:37        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 20:10        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 20:11        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 11:37        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 20:10        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 20:10        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 11:37        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 11:36        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 11:36        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 11:36        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 11:36        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 18:43        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 18:43        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 18:43        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 12:20        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 18:43        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 12:20        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 18:44        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 18:44        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 18:43        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 18:44        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 18:44        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 18:44        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 18:44        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 18:43        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 18:44        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 18:44        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 18:44        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2011-11-07 16:02 . 2011-11-07 16:02        543000        ----a-w-        c:\program files\TunaticSetup.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-02-19 162856]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
cv act sc interface RegisterTool.lnk - c:\program files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe [2013-12-18 9552384]
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-2-19 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-2-19 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d3dadapter;3D Graphic adapter for video card;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 IOPort;IOPort;c:\windows\system32\DRIVERS\IOPORT.SYS;c:\windows\SYSNATIVE\DRIVERS\IOPORT.SYS [x]
R2 KBDMAI;Virtual keyboard 32-bit service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 wlanmgr;Wireless Manager;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys;c:\windows\SYSNATIVE\drivers\vvftav211.sys [x]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys;c:\windows\SYSNATIVE\Drivers\ZS211.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 ir16_32;Intel Indeo(N) service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UGS License Server (ugslmd);UGS-Lizenzserver (ugslmd);c:\program files (x86)\UGS\UGSLicensing\lmgrd.exe;c:\program files (x86)\UGS\UGSLicensing\lmgrd.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
KBDMAI
ir16_32
d3dadapter
wlanmgr
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:29]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 01:10]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 01:10]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core.job
- c:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09 21:21]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA.job
- c:\users\Vladimir\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-09 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yandex.ru/?win=49&clid=48577
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &??????? ? Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - d:\games\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-GTA IV Vehicle Mod Installer v1.5_is1 - d:\games\GTA 4 Mods\v1.5\unins000.exe
AddRemove-{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1 - d:\games\World_of_Tanks\unins001.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2921061897-715250580-3416074679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0d,93,4e,66,33,db,27,79,3e,ba,e6,16,c5,75,2c,d1,b6,c1,6a,2d,6d,9a,e8,
  ab,9f,a2,7a,33,98,b3,22,41,bb,e6,4b,6d,14,a0,aa,5e,31,69,5b,1c,74,69,ba,6c,\
"??"=hex:56,1b,0f,dc,29,18,f7,c7,b9,ae,a1,c8,ff,45,e4,24
.
[HKEY_USERS\S-1-5-21-2921061897-715250580-3416074679-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,06,fc,1c,46,c2,cd,5d,43,46,2b,63,1a,5b,19,0d,cd,f8,59,06,c0,
  67,31,e1,13,9b,51,3e,19,08,90,cb,56,67,92,c1,02,2a,cd,54,40,f8,60,81,5f,11,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-10  21:38:52
ComboFix-quarantined-files.txt  2015-01-10 20:38
ComboFix2.txt  2015-01-10 20:18
.
Vor Suchlauf: 30 Verzeichnis(se), 259.325.931.520 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 259.245.953.024 Bytes frei
.
- - End Of File - - A6519B245630636097119C6715B09839
A36C5E4F47E84449FF07ED3517B43A31

schrauber 10.01.2015 22:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Asator 11.01.2015 01:08
Ok Vielen Dank Noch mal für die Hilfe.

Das PRoblem ist aber nich nicht behoben.
Hier die Logfiles:

Malware Bytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.01.2015
Suchlauf-Zeit: 23:52:58
Logdatei: Maleware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.10.18
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Vladimir

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392237
Verstrichene Zeit: 37 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 16
Trojan.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\TYPELIB\{A8954909-1F0F-41A5-A7FA-3B376D69E226}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A8954909-1F0F-41A5-A7FA-3B376D69E226}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\INPROCSERVER32, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\APIHelper.BhoApp.1, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\APIHelper.BhoApp, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APIHelper.BhoApp, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APIHelper.BhoApp.1, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, HKU\S-1-5-21-2921061897-715250580-3416074679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}, Löschen bei Neustart, [beda33c1afdae056b64732db40c348b8],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
Trojan.BHO, C:\Users\Vladimir\AppData\Local\Microsoft\Internet Explorer\Extensions\APIHelper_64.dll, In Quarantäne, [beda33c1afdae056b64732db40c348b8],
Trojan.BHO, C:\Users\Vladimir\AppData\Local\Microsoft\Internet Explorer\Extensions\APIHelper.dll, In Quarantäne, [beda33c1afdae056b64732db40c348b8],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 11/01/2015 um 00:54:32
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Vladimir - VLADIMIR-PC
# Gestartet von : C:\Users\Vladimir\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Vladimir\AppData\Local\Orbitum
Ordner Gelöscht : C:\Users\Vladimir\AppData\Local\torch

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v29.0.1 (de)


-\\ Google Chrome v


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [6560 octets] - [28/12/2014 12:28:52]
AdwCleaner[R1].txt - [1115 octets] - [11/01/2015 00:47:21]
AdwCleaner[R2].txt - [1175 octets] - [11/01/2015 00:52:49]
AdwCleaner[S0].txt - [7108 octets] - [28/12/2014 12:40:15]
AdwCleaner[S1].txt - [1097 octets] - [11/01/2015 00:54:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1157 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Vladimir on 11.01.2015 at  1:00:08,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Vladimir\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\Vladimir\AppData\Roaming\mozilla\firefox\profiles\6pguj3o2.default-1399240151521\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.01.2015 at  1:02:59,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Vladimir (administrator) on VLADIMIR-PC on 11-01-2015 01:03:46
Running from C:\Users\Vladimir\Desktop
Loaded Profile: Vladimir (Available profiles: Vladimir)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(ZSMCSNAP) C:\Windows\ZSSnp211.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acresso Software Inc.) C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Acresso Software Inc.) C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe
(Logitech, Inc.) C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Logitech, Inc.) C:\Users\Vladimir\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [BigDogPath] => C:\Windows\ZSSnp211.exe [57344 2007-04-06] (ZSMCSNAP)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files (x86)\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk
ShortcutTarget: SmartCopy.lnk -> C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk
ShortcutTarget: SmartLauncher.lnk -> C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2921061897-715250580-3416074679-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=49&clid=48577
HKU\S-1-5-21-2921061897-715250580-3416074679-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=931045&text={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> Yandex URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> yandex.ru-133725 URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
SearchScopes: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2921061897-715250580-3416074679-1000 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladimir\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2921061897-715250580-3416074679-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: APIHelper - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\Extensions\{2A4702A6-63E6-46E4-BEF3-E2769B6774A0} [2014-05-22]
FF Extension: Who stole my pictures? - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\6pguj3o2.default-1399240151521\Extensions\images@wink.su.xpi [2014-07-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-10]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (APIHelper) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdigkpjbmbdepgpkjeabfghlchdmphke [2014-10-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (Adobe Flash Player) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nifhnnbiicacappckiefpdmmdjbamgfe [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [nifhnnbiicacappckiefpdmmdjbamgfe] - C:\Users\Vladimir\AppData\Local\Google\Chrome\Extensions\nifhnnbiicacappckiefpdmmdjbamgfe\afp.crx [2013-06-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-20] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 d3dadapter; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 d3dadapter; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) [File not signed]
R2 ir16_32; C:\Windows\SysWOW64\ir16_32.dll [522783 2010-11-20] () [File not signed]
S2 KBDMAI; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 KBDMAI; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-06-18] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-08] (Electronic Arts)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 UGS License Server (ugslmd); C:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe [1510152 2009-07-07] (Acresso Software Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S2 wlanmgr; %SystemRoot%\System32\wlanmgr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-03-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S2 IOPort; C:\Windows\SysWOW64\DRIVERS\IOPORT.SYS [6144 2001-03-01] (Erik Salaj) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-03-25] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-05-19] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-17] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 vvftav211; C:\Windows\System32\drivers\vvftav211.sys [308224 2007-12-10] (Vimicro Corporation)
S3 ZSMC30x; C:\Windows\System32\Drivers\ZS211.sys [1491712 2007-12-13] (ZSMC.Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: KBDMAI -> No ServiceDLL Path.
NETSVCx32: ir16_32 -> C:\Windows\SysWOW64\ir16_32.dll ()
NETSVCx32: d3dadapter -> No ServiceDLL Path.
NETSVCx32: wlanmgr -> C:\Windows\SysWOW64\wlanmgr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 01:02 - 2015-01-11 01:02 - 00000860 _____ () C:\Users\Vladimir\Desktop\JRT.txt
2015-01-11 00:56 - 2015-01-11 00:57 - 00001237 _____ () C:\Users\Vladimir\Desktop\ADWCleaner.txt
2015-01-11 00:35 - 2015-01-11 00:35 - 00003802 _____ () C:\Users\Vladimir\Desktop\Maleware.txt
2015-01-10 23:56 - 2015-01-10 23:56 - 02191360 _____ () C:\Users\Vladimir\Desktop\AdwCleaner_4.107.exe
2015-01-10 23:56 - 2015-01-10 23:56 - 01707939 _____ (Thisisu) C:\Users\Vladimir\Desktop\JRT.exe
2015-01-10 21:38 - 2015-01-10 21:38 - 00028917 _____ () C:\ComboFix.txt
2015-01-10 20:54 - 2015-01-10 21:38 - 00000000 ____D () C:\Qoobox
2015-01-10 20:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 20:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 20:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 20:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 20:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 20:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 20:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 20:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 20:46 - 2015-01-10 20:50 - 05609736 ____R (Swearware) C:\Users\Vladimir\Desktop\ComboFix.exe
2015-01-10 19:46 - 2015-01-10 19:46 - 00000671 _____ () C:\Users\Vladimir\Desktop\World of Tanks.lnk
2015-01-10 19:46 - 2015-01-10 19:46 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-01-10 19:45 - 2015-01-10 19:45 - 05994752 _____ (Wargaming.net ) C:\Users\Vladimir\Downloads\WoT_internet_install_eu.exe
2015-01-10 19:03 - 2015-01-10 19:03 - 00045340 _____ () C:\Users\Vladimir\Desktop\gmer.log
2015-01-10 13:01 - 2015-01-10 13:05 - 00061295 _____ () C:\Users\Vladimir\Desktop\Addition.txt
2015-01-10 13:00 - 2015-01-11 01:03 - 00023256 _____ () C:\Users\Vladimir\Desktop\FRST.txt
2015-01-10 13:00 - 2015-01-11 01:03 - 00000000 ____D () C:\FRST
2015-01-10 12:58 - 2015-01-10 12:58 - 02124288 _____ (Farbar) C:\Users\Vladimir\Desktop\FRST64.exe
2015-01-10 12:58 - 2015-01-10 12:58 - 00380416 _____ () C:\Users\Vladimir\Desktop\geh1eqn3.exe
2015-01-10 12:51 - 2015-01-10 12:51 - 00000658 _____ () C:\Users\Vladimir\Desktop\defogger_disable.log
2015-01-10 12:51 - 2015-01-10 12:51 - 00000188 _____ () C:\Users\Vladimir\defogger_reenable
2015-01-10 12:50 - 2015-01-10 12:50 - 00050477 _____ () C:\Users\Vladimir\Desktop\Defogger.exe
2015-01-10 12:44 - 2015-01-10 12:44 - 00638888 _____ (Oracle Corporation) C:\Users\Vladimir\Downloads\chromeinstall-8u25.exe
2015-01-10 12:30 - 2015-01-10 12:30 - 00000000 __SHD () C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
2014-12-28 23:38 - 2014-12-28 23:38 - 00000662 _____ () C:\Users\Vladimir\Desktop\foto prag - Verknüpfung.lnk
2014-12-28 12:52 - 2014-12-28 12:52 - 02347384 _____ (ESET) C:\Users\Vladimir\Downloads\esetsmartinstaller_deu.exe
2014-12-28 12:28 - 2015-01-11 00:54 - 00000000 ____D () C:\AdwCleaner
2014-12-27 17:35 - 2014-12-27 17:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 07:25 - 2014-12-24 07:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-17 22:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 19:41 - 2014-12-15 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 19:41 - 2014-12-15 19:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-13 13:34 - 2014-12-13 16:44 - 00000000 ____D () C:\Users\Vladimir\Desktop\Bewebung 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 01:04 - 2012-04-04 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 00:59 - 2011-08-18 18:12 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\LogMeIn Hamachi
2015-01-11 00:58 - 2013-06-29 09:09 - 00199728 _____ () C:\Windows\SysWOW64\ir16_32.dat
2015-01-11 00:58 - 2012-08-30 10:12 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-11 00:56 - 2010-11-21 19:10 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Skype
2015-01-11 00:55 - 2014-08-12 09:27 - 00006836 _____ () C:\Windows\PFRO.log
2015-01-11 00:55 - 2014-06-13 06:53 - 00023139 _____ () C:\Windows\setupact.log
2015-01-11 00:55 - 2010-03-17 21:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 00:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 00:54 - 2010-02-19 19:13 - 01994747 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 00:46 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 00:46 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 00:38 - 2010-03-17 21:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 00:30 - 2013-07-09 22:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000UA.job
2015-01-11 00:29 - 2013-12-11 11:48 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Battle.net
2015-01-10 23:52 - 2014-08-21 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 21:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 21:07 - 2013-07-09 19:06 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 20:50 - 2014-01-27 23:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-10 20:38 - 2014-01-27 23:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-10 19:45 - 2010-09-01 22:45 - 00000000 ____D () C:\Games
2015-01-10 12:51 - 2010-03-17 20:56 - 00000000 ____D () C:\Users\Vladimir
2015-01-10 12:48 - 2014-05-30 16:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-10 12:45 - 2014-04-22 17:38 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 12:45 - 2014-04-22 17:37 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-10 12:45 - 2014-04-22 17:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-10 12:45 - 2014-04-22 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-10 12:45 - 2010-05-18 08:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-10 12:38 - 2009-11-18 22:39 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2015-01-10 12:36 - 2009-11-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-01-10 12:30 - 2014-08-21 22:37 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Adobe
2015-01-10 12:30 - 2010-03-17 21:56 - 00000000 ____D () C:\Users\Vladimir\Desktop\Games
2015-01-10 12:29 - 2012-04-04 11:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-10 12:29 - 2012-04-04 11:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 12:29 - 2011-05-19 17:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 11:30 - 2013-07-09 22:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921061897-715250580-3416074679-1000Core.job
2015-01-08 17:05 - 2013-08-16 13:09 - 00000000 ____D () C:\ProgramData\Origin
2015-01-08 17:03 - 2013-08-16 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-08 17:03 - 2013-08-16 13:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-27 18:03 - 2011-07-13 15:28 - 00000000 __SHD () C:\Windows\ei_temp
2014-12-27 17:35 - 2014-08-21 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 17:35 - 2014-08-21 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-21 20:30 - 2010-02-17 16:00 - 00770442 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 20:30 - 2010-02-17 16:00 - 00179494 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 20:30 - 2009-07-14 06:13 - 01807692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 15:33 - 2010-02-19 19:38 - 00002569 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-12-12 12:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Vladimir\AppData\Local\Temp\avgnt.exe
C:\Users\Vladimir\AppData\Local\Temp\Quarantine.exe
C:\Users\Vladimir\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 03:42

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.01.2015 08:31
Wo meldet Avira den?

Asator 11.01.2015 09:34
C:\Windows\SysWOW64\KBDMAI.dll

schrauber 11.01.2015 09:58
Die Datei bitte wie in der Anleitung angegeben bei VT prüfen, Ergebnislink hier posten:
Dateien online auf Viren prüfen - so geht&#039;s - Anleitungen

Asator 11.01.2015 10:36
Es geht leider nicht. Folgende Fehlermeldung erscheint:

"Sie verfügen nicht über die Berechtigung diese Datei zu öffnen.
Wenden Sie sich an den Besitzer oder Administrator..."

Ich habe leider nicht rausfinden können wie ich das Problem lösen kann.
Die Datei lässt sich auch nicht kopieren. (Ich habe es "Als Administrator" versucht, jedoch werden jegliche Aktivitäten verhindert)

Malewarebytes meldet die Datei aber als nicht schädlich.

schrauber 11.01.2015 13:50
Du kannst diese Datei nicht bei VT hochladen? Also bei VT auf der Seite, in dem Datei suchen Dialog?
Das muss normal problemlos gehen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Windows\SysWOW64\KBDMAI.dll
S2 KBDMAI; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 KBDMAI; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-06-18] () [File not signed]
C:\Windows\SysWOW64\srvany.exe
NETSVCx32: KBDMAI -> No ServiceDLL Path.
NETSVCx32: ir16_32 -> C:\Windows\SysWOW64\ir16_32.dll ()
NETSVCx32: d3dadapter -> No ServiceDLL Path.
NETSVCx32: wlanmgr -> C:\Windows\SysWOW64\wlanmgr.dll ==> No File.
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Asator 11.01.2015 18:28
Es hat doch geklappt, denn davor mein Antivirus hat den Zugriff auf die Datei blockiert:

https://www.virustotal.com/de/file/399cb59ce4c39cf7f6a990a00d60c42c72e0354a2a50f83a0672b4ce0cc40010/analysis/1420997113/

Habe den FRST Fix ausgeführt, und nach dem Neustart ist die Datei nicht mehr aufgetaucht!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Vladimir at 2015-01-11 18:33:43 Run:1
Running from C:\Users\Vladimir\Desktop
Loaded Profile: Vladimir (Available profiles: Vladimir)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\SysWOW64\KBDMAI.dll
S2 KBDMAI; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 KBDMAI; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-06-18] () [File not signed]
C:\Windows\SysWOW64\srvany.exe
NETSVCx32: KBDMAI -> No ServiceDLL Path.
NETSVCx32: ir16_32 -> C:\Windows\SysWOW64\ir16_32.dll ()
NETSVCx32: d3dadapter -> No ServiceDLL Path.
NETSVCx32: wlanmgr -> C:\Windows\SysWOW64\wlanmgr.dll ==> No File.
Emptytemp:
       
*****************

C:\Windows\SysWOW64\KBDMAI.dll => Moved successfully.
KBDMAI => Service deleted successfully.
KBDMAI => Service not found.
KMService => Service deleted successfully.
C:\Windows\SysWOW64\srvany.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs KBDMAI => Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ir16_32 => Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs d3dadapter => Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wlanmgr => Deleted successfully.
EmptyTemp: => Removed 1.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 18:34:35 ====
Sollte ich noch irgendwas unternehmen?

Und Vielen Dank schon mal für professionelle Hilfe.
Ohne Sie hätte ich sowas nicht hinbekommen!

schrauber 11.01.2015 20:55
Dann den Rest von oben bitte, Onlinescan und so :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:51 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131