
Log analysis and evaluation: Malware http://www_getwindowinfo/ cannot be removed


06.08.2013, 10:24   #1
Virus_Killer
 



Hello everyone,
I have the following problem:
Three days ago my girlfriend downloaded a freeware program for converting PDF files from Chip.de onto my laptop. Since then I have had malware on my laptop that simply will not go away. The problem is that Internet Explorer keeps opening and loading the page hxxp://www_getwindowinfo/. When I close the Explorer, it is immediately opened again. I have already run Malwarebytes over it several times, even in safe mode, and whenever I run another scan it shows me infections again. I then tried adwcleaner, analyzed histories and cookies with CCleaner, and ran CCleaner. I even deleted Adobe Flash Player (which I had to do in safe mode, since the Explorer cannot be closed), and still hxxp://www_getwindowinfo/ keeps being displayed, and I reinstalled Adobe Reader and Java. Then I scanned with HitmanPro, which also found infections, and restarted the laptop. However, the same problem persists. On a further scan, though, HitmanPro tells me that everything is clean. In desperation I have now run CCleaner again and Malwarebytes once more, then restarted, but the problem has not changed. Here are the last two log files:

Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.05.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

06.08.2013 10:24:49
mbam-log-2013-08-06 (10-24-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268987
Laufzeit: 14 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\And\AppData\Local\Temp\G6ntRk+l.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\And\AppData\Local\Temp\hwry1TC9.exe.part (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\And\AppData\Local\Temp\ufNQ6MXu.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
adwcleaner:

Code:
# AdwCleaner v2.306 - Datei am 06/08/2013 um 10:12:39 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : And - AND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\And\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16722

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Andicore\AppData\Roaming\Mozilla\Firefox\Profiles\toomd3re.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\And\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [193497 octets] - [04/08/2013 20:00:00]
AdwCleaner[R2].txt - [1883 octets] - [04/08/2013 20:07:03]
AdwCleaner[R3].txt - [1483 octets] - [05/08/2013 11:07:51]
AdwCleaner[S1].txt - [52900 octets] - [04/08/2013 20:02:21]
AdwCleaner[S2].txt - [1951 octets] - [04/08/2013 20:09:33]
AdwCleaner[S3].txt - [1545 octets] - [05/08/2013 11:10:22]
AdwCleaner[S4].txt - [1757 octets] - [06/08/2013 00:35:47]
AdwCleaner[S5].txt - [1523 octets] - [06/08/2013 10:12:39]

########## EOF - C:\AdwCleaner[S5].txt - [1583 octets] ##########
         

Please help me, I am already in despair.

06.08.2013, 11:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or from the time the problem started, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

06.08.2013, 13:16   #3
Virus_Killer
 



OK, here are the further Malwarebytes logs with detections:

Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.04

Windows 7 x64 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Deaktiviert

05.08.2013 09:16:33
mbam-log-2013-08-05 (09-16-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496664
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 20:35:00
mbam-log-2013-08-04 (20-35-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500787
Laufzeit: 1 Stunde(n), 26 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 17:22:02
mbam-log-2013-08-04 (17-22-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270779
Laufzeit: 8 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Windows\Installer\aa17ea.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\aa17f4.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 19:03:39
mbam-log-2013-08-04 (19-03-39).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 234849
Laufzeit: 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Here is the scan with FRST (FRST.txt):


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by And (administrator) on 06-08-2013 13:59:35
Running from C:\Users\And\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Farbar) C:\Users\And\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x]
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x]
HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION!
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a
MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe
MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.)
S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion)
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:11 - 2013-08-06 01:12 - 00026563 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 13:30 - 00000392 _____ C:\Windows\setupact.log
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat

==================== One Month Modified Files and Folders =======

2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 13:40 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-06 13:39 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox
2013-08-06 13:38 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-06 13:38 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:38 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 13:37 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-08-06 13:37 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 13:30 - 2013-08-06 00:29 - 00000392 _____ C:\Windows\setupact.log
2013-08-06 13:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 12:22 - 2010-01-24 08:37 - 01788763 _____ C:\Windows\WindowsUpdate.log
2013-08-06 12:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat
2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat
2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:12 - 2013-08-06 01:11 - 00026563 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db
2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso
2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing
2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps
2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3
2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 18:30 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira
2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc
2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT
2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG
2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES
2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag
2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================
         

Somehow I can't find the Addition.txt

OK, I found the Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by And at 2013-08-06 14:12:43
Running from C:\Users\And\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer Arcade Deluxe (x32 Version: 3.0.7112)
Acer Backup Manager (x32 Version: 2.0.0.29)
Acer Crystal Eye Webcam (x32 Version: 5.2.9.3)
Acer ePower Management (x32 Version: 4.05.3004)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.7.0715)
Acer Updater (x32 Version: 1.01.3017)
Acer VCM (x32 Version: 4.05.3000)
Acrobat.com (x32 Version: 1.6.65)
Adobe After Effects CS6 (x32 Version: 11)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005)
ALPS Touch Pad Driver (Version: 7.105.2015.1105)
Antares Auto-Tune v4.39 (x32)
AnyDVD (x32 Version: 7.0.9.0)
Apple Application Support (x32 Version: 2.3)
ARAX Disk Doctor Data Recovery (x32)
ATI Catalyst Install Manager (Version: 3.0.754.0)
AutoFriend (x32 Version: 4.00.0449)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AviSynth 2.5 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
AVStoDVD 2.4.1 (x32 Version: 2.4.1)
Backup Manager Basic (x32 Version: 2.0.0.29)
Battle.net (x32)
Broadcom Gigabit NetLink Controller (Version: 12.33.03)
BrowseToSave (Version: 1.0)
Camtasia Studio 8 (x32 Version: 8.0.2.961)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329)
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329)
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329)
CCC Help Czech (x32 Version: 2009.1209.2334.42329)
CCC Help Danish (x32 Version: 2009.1209.2334.42329)
CCC Help Dutch (x32 Version: 2009.1209.2334.42329)
CCC Help English (x32 Version: 2009.1209.2334.42329)
CCC Help Finnish (x32 Version: 2009.1209.2334.42329)
CCC Help French (x32 Version: 2009.1209.2334.42329)
CCC Help German (x32 Version: 2009.1209.2334.42329)
CCC Help Greek (x32 Version: 2009.1209.2334.42329)
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329)
CCC Help Italian (x32 Version: 2009.1209.2334.42329)
CCC Help Japanese (x32 Version: 2009.1209.2334.42329)
CCC Help Korean (x32 Version: 2009.1209.2334.42329)
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329)
CCC Help Polish (x32 Version: 2009.1209.2334.42329)
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329)
CCC Help Russian (x32 Version: 2009.1209.2334.42329)
CCC Help Spanish (x32 Version: 2009.1209.2334.42329)
CCC Help Swedish (x32 Version: 2009.1209.2334.42329)
CCC Help Thai (x32 Version: 2009.1209.2334.42329)
CCC Help Turkish (x32 Version: 2009.1209.2334.42329)
ccc-core-static (x32 Version: 2009.1209.2335.42329)
ccc-utility64 (Version: 2009.1209.2335.42329)
CDBurnerXP (Version: 4.3.8.2631)
CDisplay 1.8 (x32)
CloneDVD 4.1.0.23 (x32)
CloneDVD2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ContentSAFER (x32)
ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336)
Doxillion Document Converter (x32)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.0.22)
DVD Decrypter (Remove Only) (x32)
DVDFab 8.2.1.5 (10/10/2012) Qt
eaner (Version: 4.04)
eBay Worldwide (x32 Version: 2.1.0901)
Free CD to MP3 Converter (x32)
Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908)
Free M4a to MP3 Converter 7.1 (x32)
Free MKV Video2Dvd 3.30 (x32)
Free Video Converter V 2.7 (x32 Version: 2.7.0.0)
Free WAV to MP3 Converter (x32 Version: 1.0)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
GoforFiles (HKCU Version: 1.6.0)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Guitar Pro 5.1 (x32)
Guitar Pro 6 (x32)
Haali Media Splitter (x32)
Heroes of Hellas (x32)
High-Logic FontCreator 6.0 (x32)
HitmanPro 3.7 (Version: 3.7.7.203)
HomeTab 3.7 (x32 Version: 3.7)
Identity Card (x32 Version: 1.00.3003)
ImgBurn (x32 Version: 2.5.5.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Matrix Storage Manager
IPTInstaller (x32 Version: 4.0.4)
IVM Answering Attendant (x32)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
JDownloader (x32 Version: 0.89)
Junk Mail filter update (x32 Version: 14.0.8089.726)
kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11)
Launch Manager (x32 Version: 3.0.05)
Linkury Smartbar (x32 Version: 1.6.1.835)
LSI HDA Modem (Version: 2.2.98)
Magic Bullet Suite 64-bit (Version: 11.4.1)
Magic Bullet Suite 64-bit (x32 Version: 11.4.1)
Magic ISO Maker v5.5 (build 0281) (x32)
MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Messer v0.992 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word 2000 (x32 Version: 9.00.2816)
Microsoft Works (x32 Version: 9.7.0621)
MixMeister BPM Analyzer 1.0 (x32)
MKVtoolnix 4.9.1 (x32 Version: 4.9.1)
Monkey's Audio (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.51 (x32 Version: v2.51)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyVideoConverter 2.405 (x32 Version: 2.405)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 7 Ultra Edition (x32 Version: 7.02.0936)
NJStar Chinese WP (x32 Version: 5.30)
No23 Recorder (x32 Version: 2.1.0.3)
Norton Online Backup (x32 Version: 1.2.0.36)
NTI Backup Now 5 (x32 Version: 5.1.2.627)
NTI Backup Now Standard (x32 Version: 5.1.2.627)
NTI Media Maker 8 (x32 Version: 8.0.12.6623)
Opera 11.51 (x32 Version: 11.51)
Paint.NET v3.5.10 (Version: 3.60.0)
PandoraRecovery (Remove Only) (x32)
PC Inspector File Recovery (x32 Version: 4.0)
PCSX2 - Playstation 2 Emulator (x32)
PDF24 Creator 4.9.0 (x32)
PhotoScape (x32)
PrimaScan 2400U (x32)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.73.80.64)
Real Alternative 2.0.2 (x32 Version: 2.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recuva (Version: 1.39)
Redtube Video Downloader 3.27 (x32)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13)
Sony Ericsson Update Service (x32 Version: 2.11.7.13)
SoulSeek 157 NS 13e (x32)
Stamp ID3 Tag Editor (x32)
StuffIt Expander 2011 (Version: 15.0.1.17)
Super Luigi (x32)
Super Mario Combat (x32)
SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0)
Ultimate Sonic (x32)
UltraISO Premium V9.53 (x32)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.5 (Version: 2.0.5)
WaveLab 6 (x32 Version: 6.1.1.353)
Welcome Center (x32 Version: 1.00.3008)
Western Railway 3D Screensaver 1.0 (x32 Version: 1.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Utils (x32)
WinISO (x32 Version: 6.2.0.4561)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

06-08-2013 09:31:41 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 lmlicenses.wip4.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {26F55283-5C09-489E-BB12-4E7B20EAA129} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software)
Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {78D09616-92E4-4F01-A244-1760B79B081C} - System32\Tasks\AdobeAAMUpdater-1.0-And-PC-And => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {AAE87F3E-E936-47FF-AFBA-F50BFB764974} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe No File
Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software)
Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File
Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2013 11:59:14 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {66D3DCA5-4396-3023-BB22-E980C88CBE12}

Error: (08/06/2013 10:33:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:31:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 03:59:20 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


System errors:
=============
Error: (08/06/2013 01:56:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2742598)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-Systeme (KB2698365)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2813170)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2660649)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2619339)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2564958)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2511455)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3956.5 MB
Available physical RAM: 2009.52 MB
Total Pagefile: 6379.97 MB
Available Pagefile: 4155.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:4.68 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 06.08.2013, 13:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 lmlicenses.wip4.adobe.com
Why do you have these hosts file entries?
What source did your Adobe CS6 come from?
__________________
Please always post log files in CODE tags

Alt 06.08.2013, 14:15   #5
Virus_Killer
 

I got that from an acquaintance a while back, for image and video editing.


Alt 06.08.2013, 14:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

So it's something illegal/cracked.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We'll continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

Alt 06.08.2013, 14:41   #7
Virus_Killer
 

OK, I have removed everything. Should I run another scan?

Alt 06.08.2013, 14:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, a new log with FRST please.
__________________
Please always post log files in CODE tags

Alt 06.08.2013, 14:50   #9
Virus_Killer
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by And (administrator) on 06-08-2013 15:45:39
Running from C:\Users\And\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\And\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x]
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x]
HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION!
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a
MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe
MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.)
S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion)
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:11 - 2013-08-06 14:13 - 00027371 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 15:03 - 00000448 _____ C:\Windows\setupact.log
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
140

==================== One Month Modified Files and Folders =======

2013-08-06 15:45 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6
2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade
2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe
2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 15:08 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-06 15:07 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox
2013-08-06 15:06 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-08-06 15:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 15:06 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 15:06 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-06 15:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 15:03 - 2013-08-06 00:29 - 00000448 _____ C:\Windows\setupact.log
2013-08-06 15:02 - 2010-01-24 08:37 - 01931339 _____ C:\Windows\WindowsUpdate.log
2013-08-06 14:13 - 2013-08-06 01:11 - 00027371 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat
2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat
2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db
2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso
2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing
2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps
2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3
2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira
2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc
2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT
2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG
2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES
2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag
2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================
         
--- --- ---

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by And (administrator) on 06-08-2013 15:45:39
Running from C:\Users\And\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\And\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x]
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x]
HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION!
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a
MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe
MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.)
S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion)
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:11 - 2013-08-06 14:13 - 00027371 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 15:03 - 00000448 _____ C:\Windows\setupact.log
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
140

==================== One Month Modified Files and Folders =======

2013-08-06 15:45 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6
2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade
2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe
2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 15:08 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-06 15:07 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox
2013-08-06 15:06 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-08-06 15:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 15:06 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 15:06 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-06 15:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 15:03 - 2013-08-06 00:29 - 00000448 _____ C:\Windows\setupact.log
2013-08-06 15:02 - 2010-01-24 08:37 - 01931339 _____ C:\Windows\WindowsUpdate.log
2013-08-06 14:13 - 2013-08-06 01:11 - 00027371 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log
2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat
2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat
2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db
2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso
2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing
2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps
2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3
2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira
2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc
2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT
2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG
2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES
2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad
2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag
2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================
         

06.08.2013, 15:00   #10
Virus_Killer

Malware http://www_getwindowinfo/ cannot be removed



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by And at 2013-08-06 15:48:43
Running from C:\Users\And\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer Arcade Deluxe (x32 Version: 3.0.7112)
Acer Backup Manager (x32 Version: 2.0.0.29)
Acer Crystal Eye Webcam (x32 Version: 5.2.9.3)
Acer ePower Management (x32 Version: 4.05.3004)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.7.0715)
Acer Updater (x32 Version: 1.01.3017)
Acer VCM (x32 Version: 4.05.3000)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005)
ALPS Touch Pad Driver (Version: 7.105.2015.1105)
Apple Application Support (x32 Version: 2.3)
ARAX Disk Doctor Data Recovery (x32)
ATI Catalyst Install Manager (Version: 3.0.754.0)
AutoFriend (x32 Version: 4.00.0449)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AviSynth 2.5 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
AVStoDVD 2.4.1 (x32 Version: 2.4.1)
Backup Manager Basic (x32 Version: 2.0.0.29)
Battle.net (x32)
Broadcom Gigabit NetLink Controller (Version: 12.33.03)
BrowseToSave (Version: 1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329)
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329)
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329)
CCC Help Czech (x32 Version: 2009.1209.2334.42329)
CCC Help Danish (x32 Version: 2009.1209.2334.42329)
CCC Help Dutch (x32 Version: 2009.1209.2334.42329)
CCC Help English (x32 Version: 2009.1209.2334.42329)
CCC Help Finnish (x32 Version: 2009.1209.2334.42329)
CCC Help French (x32 Version: 2009.1209.2334.42329)
CCC Help German (x32 Version: 2009.1209.2334.42329)
CCC Help Greek (x32 Version: 2009.1209.2334.42329)
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329)
CCC Help Italian (x32 Version: 2009.1209.2334.42329)
CCC Help Japanese (x32 Version: 2009.1209.2334.42329)
CCC Help Korean (x32 Version: 2009.1209.2334.42329)
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329)
CCC Help Polish (x32 Version: 2009.1209.2334.42329)
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329)
CCC Help Russian (x32 Version: 2009.1209.2334.42329)
CCC Help Spanish (x32 Version: 2009.1209.2334.42329)
CCC Help Swedish (x32 Version: 2009.1209.2334.42329)
CCC Help Thai (x32 Version: 2009.1209.2334.42329)
CCC Help Turkish (x32 Version: 2009.1209.2334.42329)
ccc-core-static (x32 Version: 2009.1209.2335.42329)
ccc-utility64 (Version: 2009.1209.2335.42329)
CDBurnerXP (Version: 4.3.8.2631)
CDisplay 1.8 (x32)
CloneDVD 4.1.0.23 (x32)
CloneDVD2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ContentSAFER (x32)
ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336)
Doxillion Document Converter (x32)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.0.22)
DVD Decrypter (Remove Only) (x32)
DVDFab 8.2.1.5 (10/10/2012) Qt
eaner (Version: 4.04)
eBay Worldwide (x32 Version: 2.1.0901)
Free CD to MP3 Converter (x32)
Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908)
Free M4a to MP3 Converter 7.1 (x32)
Free MKV Video2Dvd 3.30 (x32)
Free Video Converter V 2.7 (x32 Version: 2.7.0.0)
Free WAV to MP3 Converter (x32 Version: 1.0)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
GoforFiles (HKCU Version: 1.6.0)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Haali Media Splitter (x32)
High-Logic FontCreator 6.0 (x32)
HitmanPro 3.7 (Version: 3.7.7.203)
HomeTab 3.7 (x32 Version: 3.7)
Identity Card (x32 Version: 1.00.3003)
ImgBurn (x32 Version: 2.5.5.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Matrix Storage Manager
IPTInstaller (x32 Version: 4.0.4)
IVM Answering Attendant (x32)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
JDownloader (x32 Version: 0.89)
Junk Mail filter update (x32 Version: 14.0.8089.726)
kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11)
Launch Manager (x32 Version: 3.0.05)
Linkury Smartbar (x32 Version: 1.6.1.835)
LSI HDA Modem (Version: 2.2.98)
Magic Bullet Suite 64-bit (Version: 11.4.1)
Magic Bullet Suite 64-bit (x32 Version: 11.4.1)
Magic ISO Maker v5.5 (build 0281) (x32)
MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Messer v0.992 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word 2000 (x32 Version: 9.00.2816)
Microsoft Works (x32 Version: 9.7.0621)
MixMeister BPM Analyzer 1.0 (x32)
MKVtoolnix 4.9.1 (x32 Version: 4.9.1)
Monkey's Audio (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.51 (x32 Version: v2.51)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyVideoConverter 2.405 (x32 Version: 2.405)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 7 Ultra Edition (x32 Version: 7.02.0936)
NJStar Chinese WP (x32 Version: 5.30)
No23 Recorder (x32 Version: 2.1.0.3)
Norton Online Backup (x32 Version: 1.2.0.36)
NTI Backup Now 5 (x32 Version: 5.1.2.627)
NTI Backup Now Standard (x32 Version: 5.1.2.627)
NTI Media Maker 8 (x32 Version: 8.0.12.6623)
Opera 11.51 (x32 Version: 11.51)
Paint.NET v3.5.10 (Version: 3.60.0)
PandoraRecovery (Remove Only) (x32)
PC Inspector File Recovery (x32 Version: 4.0)
PCSX2 - Playstation 2 Emulator (x32)
PDF24 Creator 4.9.0 (x32)
PhotoScape (x32)
PrimaScan 2400U (x32)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.73.80.64)
Real Alternative 2.0.2 (x32 Version: 2.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recuva (Version: 1.39)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13)
Sony Ericsson Update Service (x32 Version: 2.11.7.13)
SoulSeek 157 NS 13e (x32)
Stamp ID3 Tag Editor (x32)
StuffIt Expander 2011 (Version: 15.0.1.17)
Super Luigi (x32)
Super Mario Combat (x32)
SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0)
Ultimate Sonic (x32)
UltraISO Premium V9.53 (x32)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.5 (Version: 2.0.5)
WaveLab 6 (x32 Version: 6.1.1.353)
Welcome Center (x32 Version: 1.00.3008)
Western Railway 3D Screensaver 1.0 (x32 Version: 1.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Utils (x32)
WinISO (x32 Version: 6.2.0.4561)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

06-08-2013 09:31:41 Windows Update
06-08-2013 12:33:08 Windows Update
06-08-2013 13:29:32 Camtasia Studio 8 wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 lmlicenses.wip4.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {7CCCD295-0B69-4A5C-9AD6-EBBED5C1E5BF} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software)
Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {AAE87F3E-E936-47FF-AFBA-F50BFB764974} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe No File
Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software)
Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File
Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2013 11:59:14 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {66D3DCA5-4396-3023-BB22-E980C88CBE12}

Error: (08/06/2013 10:33:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:33:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:32:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 10:31:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (08/06/2013 03:59:20 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


System errors:
=============
Error: (08/06/2013 03:08:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/06/2013 03:08:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (08/06/2013 03:04:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PPDevice" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/06/2013 03:04:06 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ppsio2.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/06/2013 03:03:43 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎08.‎2013 um 15:02:02 unerwartet heruntergefahren.

Error: (08/06/2013 01:56:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2742598)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753)

Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615)

Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-Systeme (KB2698365)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3956.5 MB
Available physical RAM: 2097.43 MB
Total Pagefile: 7712.04 MB
Available Pagefile: 5577.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:7.25 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I hope everything has been removed; otherwise please let me know if I have overlooked anything.

06.08.2013, 15:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malware http://www_getwindowinfo/ cannot be removed



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

06.08.2013, 15:44   #12
Virus_Killer

All right, here is the Combofix.txt:

Code:
ComboFix 13-08-05.03 - And 06.08.2013  16:17:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3956.2191 [GMT 2:00]
ausgeführt von:: c:\users\And\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 48 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\46980872
c:\programdata\ininolej.pad
c:\programdata\wavav0bdtzbtb43b.bat
c:\programdata\z7_0ytr.pad
c:\users\And\AppData\Local\lame_enc.dll
c:\users\And\AppData\Local\no23xwrapper.dll
c:\users\And\AppData\Local\ogg.dll
c:\users\And\AppData\Local\vorbisenc.dll
c:\users\And\AppData\Local\vorbisfile.dll
c:\users\And\AppData\Roaming\13001.021
c:\users\And\AppData\Roaming\13001.021\chrome.manifest
c:\users\And\AppData\Roaming\13001.021\components\AcroFF.txt
c:\users\And\AppData\Roaming\13001.021\install.rdf
c:\users\And\AppData\Roaming\13001.022
c:\users\And\AppData\Roaming\13001.022\chrome.manifest
c:\users\And\AppData\Roaming\13001.022\components\AcroFF.txt
c:\users\And\AppData\Roaming\13001.022\install.rdf
c:\users\And\AppData\Roaming\13001.023
c:\users\And\AppData\Roaming\13001.023\chrome.manifest
c:\users\And\AppData\Roaming\13001.023\components\AcroFF.txt
c:\users\And\AppData\Roaming\13001.023\install.rdf
c:\users\And\AppData\Roaming\Acna
c:\users\And\AppData\Roaming\Acna\usnya.kal
c:\users\And\AppData\Roaming\AcroIEHelpe.txt
c:\users\And\AppData\Roaming\Hyazlu
c:\users\And\AppData\Roaming\Hyazlu\iriq.xuq
c:\users\And\AppData\Roaming\Iqwapo
c:\users\And\AppData\Roaming\Iqwapo\pyum.ylc
c:\users\And\AppData\Roaming\Kayt
c:\users\And\AppData\Roaming\Kayt\veaka.uta
c:\users\And\AppData\Roaming\srvblck5.tmp
c:\users\And\AppData\Roaming\Syizka
c:\users\And\AppData\Roaming\Syizka\meidt.agd
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-06 bis 2013-08-06  ))))))))))))))))))))))))))))))
.
.
2013-08-06 14:27 . 2013-08-06 14:27	--------	d-----w-	c:\users\TigerBlade\AppData\Local\temp
2013-08-06 14:27 . 2013-08-06 14:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-06 14:27 . 2013-08-06 14:27	--------	d-----w-	c:\users\Andicore\AppData\Local\temp
2013-08-05 23:17 . 2013-08-05 23:17	--------	d-----w-	c:\windows\ERUNT
2013-08-05 23:10 . 2013-08-05 23:10	--------	d-----w-	C:\FRST
2013-08-05 22:49 . 2013-08-05 22:49	--------	d-----w-	c:\program files\HitmanPro
2013-08-05 22:48 . 2013-08-05 23:03	--------	d-----w-	c:\programdata\HitmanPro
2013-08-05 22:10 . 2013-08-05 22:10	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-08-05 22:10 . 2013-08-05 22:10	312232	----a-w-	c:\windows\system32\javaws.exe
2013-08-05 22:10 . 2013-08-05 22:10	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-08-05 22:10 . 2013-08-05 22:10	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-05 22:10 . 2013-08-05 22:10	189352	----a-w-	c:\windows\system32\javaw.exe
2013-08-05 22:10 . 2013-08-05 22:10	188840	----a-w-	c:\windows\system32\java.exe
2013-08-05 22:10 . 2013-08-05 22:10	--------	d-----w-	c:\program files\Java
2013-08-05 21:53 . 2013-08-05 21:55	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-05 21:53 . 2013-08-05 21:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 21:52 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2013-08-05 21:52 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2013-08-05 21:20 . 2012-02-11 06:32	956416	----a-w-	c:\windows\system32\localspl.dll
2013-08-05 21:20 . 2012-02-11 06:36	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-08-05 21:20 . 2012-02-11 06:29	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-08-05 21:20 . 2012-02-11 06:29	67584	----a-w-	c:\windows\splwow64.exe
2013-08-05 21:20 . 2012-02-11 05:44	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-08-05 21:19 . 2012-06-02 05:25	1462784	----a-w-	c:\windows\system32\crypt32.dll
2013-08-05 21:19 . 2012-06-02 05:25	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-05 21:19 . 2012-06-02 05:25	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-05 21:19 . 2012-06-02 04:45	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-05 21:19 . 2012-06-02 04:45	1157632	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-05 21:19 . 2012-06-02 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-05 21:18 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2013-08-05 21:18 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2013-08-05 21:00 . 2013-08-05 21:00	--------	d-----w-	c:\program files\CCleaner
2013-08-05 20:40 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-08-05 20:40 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-08-05 20:40 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-08-05 20:40 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-08-05 20:39 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2013-08-05 20:39 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2013-08-05 14:22 . 2013-08-05 14:23	--------	d-----w-	c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 12:33 . 2013-08-05 12:33	--------	d-----w-	c:\program files\Enigma Software Group
2013-08-05 12:31 . 2013-08-05 12:31	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-04 20:19 . 2013-08-04 21:00	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-08-04 20:19 . 2013-08-05 22:18	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-08-04 14:04 . 2013-08-04 14:04	--------	d-----w-	c:\users\And\AppData\Roaming\Template
2013-08-04 13:39 . 2013-08-04 13:39	--------	d-----w-	c:\program files (x86)\Common Files\soft Xpansion
2013-08-04 13:38 . 2013-08-04 13:38	--------	d-----w-	C:\SoftwareUpdater
2013-08-04 13:36 . 2013-08-01 01:08	32328	----a-w-	c:\windows\Launcher.exe
2013-08-04 13:35 . 2013-08-04 13:47	--------	d-----w-	c:\users\And\AppData\Roaming\Windows Net Data
2013-08-04 08:25 . 2013-08-04 08:25	--------	d-----w-	c:\users\And\AppData\Roaming\Avira
2013-08-04 08:20 . 2013-08-04 08:20	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-08-04 08:18 . 2013-08-04 08:10	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-04 08:18 . 2013-08-04 08:10	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-04 08:18 . 2013-08-04 08:10	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-04 08:18 . 2013-08-04 08:18	--------	d-----w-	c:\program files (x86)\Avira
2013-07-30 18:26 . 2013-07-30 18:26	--------	d-----w-	c:\users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 10:56 . 2013-07-30 10:56	--------	d-----w-	c:\users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 10:56 . 2013-07-30 10:56	--------	d-----w-	c:\users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 10:56 . 2013-07-30 10:56	--------	d-----w-	c:\programdata\www.rene-zeidler.de
2013-07-21 18:09 . 2013-07-21 18:09	59	----a-w-	c:\programdata\ininolej.bat
2013-07-21 18:09 . 2013-07-21 18:09	2731	----a-w-	c:\programdata\ininolej.js
2013-07-21 18:09 . 2013-07-21 18:09	154	----a-w-	c:\programdata\ininolej.reg
2013-07-09 13:49 . 2013-07-09 13:49	162	----a-w-	c:\programdata\wavav0bdtzbtb43b.reg
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 14:34 . 2013-08-06 14:34	32000	----a-w-	c:\windows\system32\drivers\hitmanpro37.sys
2013-08-03 11:57 . 2013-08-03 11:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9C1BC9-A7B9-4BC2-BF19-382EC5C548E8}\offreg.dll
2013-07-02 08:34 . 2013-07-18 04:15	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9C1BC9-A7B9-4BC2-BF19-382EC5C548E8}\mpengine.dll
2013-06-23 22:41 . 2010-02-19 11:37	78185248	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"IVM"="c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe" [2011-01-02 1514500]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSAFER\MAAgent.exe" [2008-09-19 61440]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-11-01 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-04 345144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
net.lnk - c:\users\And\AppData\Roaming\Windows Net Data\net.exe [2013-8-4 709120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 IVMService;IVM Answering Attendant;c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe;c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe [x]
R2 ppsio2;PPDevice; [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys;c:\windows\SYSNATIVE\drivers\WinisoCDBus.sys [x]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe;c:\windows\service4g.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:08	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 08:21]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 08:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll
Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-MRDaemon.exe - c:\program files (x86)\Mnet\QuickManager2\MRDaemon.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Eqxooqba - c:\users\And\AppData\Roaming\Toic\ytxoe.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Free DVD Decrypter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files (x86)\kikin\uninst.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1 - c:\program files (x86)\HomeTab\unins000.exe
AddRemove-GoforFiles - c:\program files (x86)\GoforFiles\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\starter4g.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-06  16:40:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-06 14:40
.
Vor Suchlauf: 6.898.270.208 Bytes frei
Nach Suchlauf: 6.283.636.736 Bytes frei
.
- - End Of File - - 087D8695E5E44887D28A750A5DAB6729
5C616939100B85E558DA92B899A0FC36
         

06.08.2013, 16:13   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



After that, a check with Farbar's tool, please:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


06.08.2013, 21:32   #14
Virus_Killer

Okay, here is the JRT.txt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by And on 06.08.2013 at 21:48:13,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 21:56:26,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here is the AdwCleaner log:

Code:
# AdwCleaner v2.306 - Datei am 06/08/2013 um 22:05:19 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : And - AND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\And\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16722

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Andicore\AppData\Roaming\Mozilla\Firefox\Profiles\toomd3re.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\And\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [193497 octets] - [04/08/2013 20:00:00]
AdwCleaner[R2].txt - [1883 octets] - [04/08/2013 20:07:03]
AdwCleaner[R3].txt - [1483 octets] - [05/08/2013 11:07:51]
AdwCleaner[S1].txt - [52900 octets] - [04/08/2013 20:02:21]
AdwCleaner[S2].txt - [1951 octets] - [04/08/2013 20:09:33]
AdwCleaner[S3].txt - [1545 octets] - [05/08/2013 11:10:22]
AdwCleaner[S4].txt - [1757 octets] - [06/08/2013 00:35:47]
AdwCleaner[S5].txt - [1652 octets] - [06/08/2013 10:12:39]
AdwCleaner[S6].txt - [1583 octets] - [06/08/2013 22:05:19]

########## EOF - C:\AdwCleaner[S6].txt - [1643 octets] ##########
         
And here are the FRST.txt and Addition.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by And (administrator) on 06-08-2013 22:26:18
Running from C:\Users\And\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\And\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.)
S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion)
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 21:56 - 2013-08-06 21:56 - 00000623 _____ C:\Users\And\Desktop\JRT.txt
2013-08-06 21:45 - 2013-08-06 21:45 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\And\Downloads\JRT.exe
2013-08-06 16:40 - 2013-08-06 16:40 - 00024054 _____ C:\ComboFix.txt
2013-08-06 16:13 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Desktop\ComboFix.exe
2013-08-06 16:12 - 2013-08-06 16:40 - 00000000 ____D C:\Qoobox
2013-08-06 16:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 16:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 16:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 16:11 - 2013-08-06 16:38 - 00000000 ____D C:\Windows\erdnt
2013-08-06 16:11 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Downloads\ComboFix.exe
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 16:30 - 00002260 _____ C:\Windows\PFRO.log
2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:11 - 2013-08-06 15:49 - 00026579 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 22:15 - 00000616 _____ C:\Windows\setupact.log
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg

==================== One Month Modified Files and Folders =======

2013-08-06 22:25 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 22:25 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 22:22 - 2010-01-24 08:37 - 01608805 _____ C:\Windows\WindowsUpdate.log
2013-08-06 22:19 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-06 22:18 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox
2013-08-06 22:17 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 22:15 - 2013-08-06 00:29 - 00000616 _____ C:\Windows\setupact.log
2013-08-06 22:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 22:08 - 2013-08-06 22:05 - 00001712 _____ C:\AdwCleaner[S6].txt
2013-08-06 22:07 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 21:56 - 2013-08-06 21:56 - 00000623 _____ C:\Users\And\Desktop\JRT.txt
2013-08-06 21:45 - 2013-08-06 21:45 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\And\Downloads\JRT.exe
2013-08-06 16:40 - 2013-08-06 16:40 - 00024054 _____ C:\ComboFix.txt
2013-08-06 16:40 - 2013-08-06 16:12 - 00000000 ____D C:\Qoobox
2013-08-06 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2013-08-06 16:38 - 2013-08-06 16:11 - 00000000 ____D C:\Windows\erdnt
2013-08-06 16:31 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 16:30 - 2013-08-06 10:45 - 00002260 _____ C:\Windows\PFRO.log
2013-08-06 16:29 - 2009-07-14 04:34 - 76283904 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-06 16:11 - 2013-08-06 16:13 - 05100695 ____R (Swearware) C:\Users\And\Desktop\ComboFix.exe
2013-08-06 16:11 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Downloads\ComboFix.exe
2013-08-06 15:56 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-06 15:49 - 2013-08-06 01:11 - 00026579 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6
2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade
2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe
2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 15:23 - 2013-02-07 15:00 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat
2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat
2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db
2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso
2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing
2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps
2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3
2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira
2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc
2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT
2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation                                   ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions                                          ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd.                              ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG
2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES
2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag
2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by And at 2013-08-06 22:26:51
Running from C:\Users\And\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer Arcade Deluxe (x32 Version: 3.0.7112)
Acer Backup Manager (x32 Version: 2.0.0.29)
Acer Crystal Eye Webcam (x32 Version: 5.2.9.3)
Acer ePower Management (x32 Version: 4.05.3004)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.7.0715)
Acer Updater (x32 Version: 1.01.3017)
Acer VCM (x32 Version: 4.05.3000)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005)
ALPS Touch Pad Driver (Version: 7.105.2015.1105)
Apple Application Support (x32 Version: 2.3)
ARAX Disk Doctor Data Recovery (x32)
ATI Catalyst Install Manager (Version: 3.0.754.0)
AutoFriend (x32 Version: 4.00.0449)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AviSynth 2.5 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
AVStoDVD 2.4.1 (x32 Version: 2.4.1)
Backup Manager Basic (x32 Version: 2.0.0.29)
Battle.net (x32)
Broadcom Gigabit NetLink Controller (Version: 12.33.03)
BrowseToSave (Version: 1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329)
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329)
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329)
CCC Help Czech (x32 Version: 2009.1209.2334.42329)
CCC Help Danish (x32 Version: 2009.1209.2334.42329)
CCC Help Dutch (x32 Version: 2009.1209.2334.42329)
CCC Help English (x32 Version: 2009.1209.2334.42329)
CCC Help Finnish (x32 Version: 2009.1209.2334.42329)
CCC Help French (x32 Version: 2009.1209.2334.42329)
CCC Help German (x32 Version: 2009.1209.2334.42329)
CCC Help Greek (x32 Version: 2009.1209.2334.42329)
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329)
CCC Help Italian (x32 Version: 2009.1209.2334.42329)
CCC Help Japanese (x32 Version: 2009.1209.2334.42329)
CCC Help Korean (x32 Version: 2009.1209.2334.42329)
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329)
CCC Help Polish (x32 Version: 2009.1209.2334.42329)
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329)
CCC Help Russian (x32 Version: 2009.1209.2334.42329)
CCC Help Spanish (x32 Version: 2009.1209.2334.42329)
CCC Help Swedish (x32 Version: 2009.1209.2334.42329)
CCC Help Thai (x32 Version: 2009.1209.2334.42329)
CCC Help Turkish (x32 Version: 2009.1209.2334.42329)
ccc-core-static (x32 Version: 2009.1209.2335.42329)
ccc-utility64 (Version: 2009.1209.2335.42329)
CDBurnerXP (Version: 4.3.8.2631)
CDisplay 1.8 (x32)
CloneDVD 4.1.0.23 (x32)
CloneDVD2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ContentSAFER (x32)
ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336)
Doxillion Document Converter (x32)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.0.22)
DVD Decrypter (Remove Only) (x32)
DVDFab 8.2.1.5 (10/10/2012) Qt
eaner (Version: 4.04)
eBay Worldwide (x32 Version: 2.1.0901)
Free CD to MP3 Converter (x32)
Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908)
Free M4a to MP3 Converter 7.1 (x32)
Free MKV Video2Dvd 3.30 (x32)
Free Video Converter V 2.7 (x32 Version: 2.7.0.0)
Free WAV to MP3 Converter (x32 Version: 1.0)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Haali Media Splitter (x32)
High-Logic FontCreator 6.0 (x32)
HitmanPro 3.7 (Version: 3.7.7.203)
HomeTab 3.7 (x32 Version: 3.7)
Identity Card (x32 Version: 1.00.3003)
ImgBurn (x32 Version: 2.5.5.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Matrix Storage Manager
IPTInstaller (x32 Version: 4.0.4)
IVM Answering Attendant (x32)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
JDownloader (x32 Version: 0.89)
Junk Mail filter update (x32 Version: 14.0.8089.726)
kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11)
Launch Manager (x32 Version: 3.0.05)
Linkury Smartbar (x32 Version: 1.6.1.835)
LSI HDA Modem (Version: 2.2.98)
Magic Bullet Suite 64-bit (Version: 11.4.1)
Magic Bullet Suite 64-bit (x32 Version: 11.4.1)
Magic ISO Maker v5.5 (build 0281) (x32)
MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Messer v0.992 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word 2000 (x32 Version: 9.00.2816)
Microsoft Works (x32 Version: 9.7.0621)
MixMeister BPM Analyzer 1.0 (x32)
MKVtoolnix 4.9.1 (x32 Version: 4.9.1)
Monkey's Audio (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.51 (x32 Version: v2.51)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyVideoConverter 2.405 (x32 Version: 2.405)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 7 Ultra Edition (x32 Version: 7.02.0936)
NJStar Chinese WP (x32 Version: 5.30)
No23 Recorder (x32 Version: 2.1.0.3)
Norton Online Backup (x32 Version: 1.2.0.36)
NTI Backup Now 5 (x32 Version: 5.1.2.627)
NTI Backup Now Standard (x32 Version: 5.1.2.627)
NTI Media Maker 8 (x32 Version: 8.0.12.6623)
Opera 11.51 (x32 Version: 11.51)
Paint.NET v3.5.10 (Version: 3.60.0)
PandoraRecovery (Remove Only) (x32)
PC Inspector File Recovery (x32 Version: 4.0)
PCSX2 - Playstation 2 Emulator (x32)
PDF24 Creator 4.9.0 (x32)
PhotoScape (x32)
PrimaScan 2400U (x32)
Project64 1.6 (x32 Version: 1.6)
QuickTime (x32 Version: 7.73.80.64)
Real Alternative 2.0.2 (x32 Version: 2.0.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recuva (Version: 1.39)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Roadkil's Unstoppable Copier Version 5.2 (x32)
Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13)
Sony Ericsson Update Service (x32 Version: 2.11.7.13)
SoulSeek 157 NS 13e (x32)
Stamp ID3 Tag Editor (x32)
StuffIt Expander 2011 (Version: 15.0.1.17)
Super Luigi (x32)
Super Mario Combat (x32)
SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0)
Ultimate Sonic (x32)
UltraISO Premium V9.53 (x32)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
VLC media player 2.0.5 (Version: 2.0.5)
WaveLab 6 (x32 Version: 6.1.1.353)
Welcome Center (x32 Version: 1.00.3008)
Western Railway 3D Screensaver 1.0 (x32 Version: 1.0)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Utils (x32)
WinISO (x32 Version: 6.2.0.4561)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR
XSManager (x32 Version: 3.0)

==================== Restore Points  =========================

06-08-2013 14:46:26 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 lmlicenses.wip4.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {45714E99-785A-432C-A713-6842350135FD} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software)
Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software)
Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File
Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/06/2013 10:18:56 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/06/2013 10:16:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PPDevice" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/06/2013 10:16:02 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ppsio2.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/06/2013 10:15:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎08.‎2013 um 22:14:09 unerwartet heruntergefahren.

Error: (08/06/2013 09:58:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-06 16:27:02.535
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-06 16:27:02.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 3956.5 MB
Available physical RAM: 1562.5 MB
Total Pagefile: 7911.15 MB
Available Pagefile: 5478.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:5.65 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 06.08.2013, 23:33   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\g252qs.txt
C:\ProgramData\ininolej.js
C:\ProgramData\sdaksda.txt
C:\ProgramData\ininolej.reg
C:\ProgramData\ininolej.bat
C:\Users\And\AppData\Roaming\13001.023
C:\Users\And\AppData\Roaming\HomeTab
C:\Users\And\AppData\Roaming\Windows Net Data
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags
