| |
| |||||||
Log-Analyse und Auswertung: Angeblich Zero Access - außerdem PUP.Optional.Iminent.AWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.09.2013, 13:42
| #1 |
 |  Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Die Telekom hat uns mitgeteilt, dass wir uns den Zero Access Trojaner eingefangen hätten. Diverse Antivirenscanner (MBAM, Avast, EU Avira Cleaner) haben in der Richtung nichts gefunden. MBAM hat allerdings die Browser-Erweiterung Iminent gefunden, die ich nicht loswerde. Ich hatte mir die schonmal eingefangen und bin sie mit Eurer Hilfe losgeworden. Vielleicht klappt es ja nochmal. Interessanter wäre allerdings, ob ich tatsächlich einen Trojaner habe. Hier meine Logs: FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by XXXXX (ATTENTION: The logged in user is not administrator) on YYYYY on 28-09-2013 19:17:37
Running from C:\Users\XXXXX\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Runonce: [Del4923313] - cmd.exe /Q /D /c del "C:\Users\ZZZZZ\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKCU\...\Run: [Google Update] - C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.)
HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL =
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126
FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: StartWeb
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: rssicon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
Chrome:
=======
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Google Update) - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FacebookBlocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0
CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0
CHR Extension: (Facebook Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0
CHR Extension: (AdBlock) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Cut the Rope) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (avast! Online Security) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0
CHR Extension: (Flood-It!) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0
CHR Extension: (Analytics Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0
CHR Extension: (Super Stacker 2) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0
CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Doodle Jump) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0
CHR Extension: (Psykopaint) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Gmail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 19:09 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll
2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-02 21:09 - 2013-09-25 22:33 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-02 20:57 - 2013-09-15 16:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-02 20:57 - 2013-09-02 21:02 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
==================== One Month Modified Files and Folders =======
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:09 - 2013-09-28 12:49 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 19:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:01 - 2011-12-21 22:13 - 01645224 _____ C:\Windows\WindowsUpdate.log
2013-09-28 18:57 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-28 18:55 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-28 18:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 18:55 - 2009-07-14 06:51 - 00080023 _____ C:\Windows\setupact.log
2013-09-28 18:50 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat
2013-09-28 18:50 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat
2013-09-28 18:50 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 18:48 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 18:40 - 2010-11-21 05:47 - 00428150 _____ C:\Windows\PFRO.log
2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT
2013-09-28 14:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Adobe
2013-09-28 14:29 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-28 13:11 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 11:27 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite
2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\vlc
2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-25 22:33 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job
2013-09-23 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-15 16:56 - 2013-09-02 20:57 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\WWWWW
2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\IrfanView
2013-09-09 07:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZZ
2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXXX
2013-09-02 21:02 - 2013-09-02 20:57 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
2013-09-02 20:53 - 2011-12-09 02:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-02 20:48 - 2011-12-09 02:44 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 20:43 - 2013-08-25 16:59 - 00000000 ____D C:\Program Files (x86)\Logitech
Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\PureSyncInst.exe
C:\Users\XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninst1.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by XXXXX at 2013-09-28 19:18:15
Running from C:\Users\XXXXX\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.0.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0.1 (x32 Version: 7.0.1)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Amazon Music Importer (x32 Version: 2.1.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0 (x32)
AuthenTec TrueAPI (Version: 1.3.0.116)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AVM FRITZ!WLAN (x32)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blasterball 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Botanicula (x32 Version: 1.0)
Bounce Symphony (x32 Version: 2.2.0.97)
Browser Hijack Recover(BHR) 3.0 (x32)
Cake Mania (x32 Version: 2.2.0.95)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citavi (x32 Version: 3.2.0.0)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Designer 2.0 (x32 Version: 7.9.4)
Dropbox (HKCU Version: 1.4.7)
ESET Online Scanner v3 (x32)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FormatFactory 2.80 (x32 Version: 2.80)
Free Video Converter V 3.1 (x32 Version: 3.1.0.0)
Google Chrome (HKCU Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Officejet 6100 - Grundlegende Software für das Gerät (Version: 25.0.617.0)
HP Officejet 6100 Hilfe (x32 Version: 140.0.2.2)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP SimplePass PE 2011 (x32 Version: 5.3.0.194)
HP Support Assistant (x32 Version: 6.0.4.1)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 10.7.0.21)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Malwarebytes Anti-Malware Version 1.61.0.1400 (x32 Version: 1.61.0.1400)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mendeley Desktop 1.3.1 (x32 Version: 1.3.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 9.0.1 (x86 de) (x32 Version: 9.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
No23 Recorder (x32 Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
Nokia Connectivity Cable Driver (x32 Version: 6.81.1.2)
Nokia PC Connectivity Solution (x32 Version: 6.23.9.0)
Nokia PC Suite (x32 Version: 6.81.13.0)
Nokia Phone Browser 64-bit (Version: 6.81.13.0)
NVIDIA 3D Vision Driver 267.95 (Version: 267.95)
NVIDIA Control Panel 267.95 (Version: 267.95)
NVIDIA Graphics Driver 267.95 (Version: 267.95)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6795)
PC Connectivity Solution 64-bit components (Version: 6.23.9.0)
PDF-Viewer (Version: 2.5.201.0)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PureSync (x32 Version: 3.7.6)
PureSync 3.7.6 (x32 Version: 3.7.6)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
Recovery Manager (x32 Version: 5.5.0.4320)
Remote Graphics Receiver (x32 Version: 5.4.5)
Skype™ 5.10 (x32 Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
VIP Access SDK (1.0.1.4) (x32 Version: 1.0.1.4)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Vodafone Mobile Broadband (x32 Version: 10.2.103.31248)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Searchqu Toolbar (x32 Version: 3.0.0.115676)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
Zinio Reader 4 (x32 Version: 4.2.4164)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-04-18 19:02 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\DigitalSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang) (User: )
Description: Programm Updater.exe, Version 1.0.2.48 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 490
Startzeit: 01cebc40ea06375a
Endzeit: 2
Anwendungspfad: C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Berichts-ID:
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang) (User: )
Description: Programm msiexec.exe, Version 5.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c2c
Startzeit: 01cebc3d058b1779
Endzeit: 2
Anwendungspfad: C:\Windows\SysWOW64\msiexec.exe
Berichts-ID: 5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/25/2013 11:05:52 PM) (Source: VmbService) (User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang) (User: )
Description: Programm iTunes.exe, Version 10.7.0.21 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 155c
Startzeit: 01ceba293ed02739
Endzeit: 29162
Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2380
Startzeit: 01ceba32789067a4
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: c1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2030
Startzeit: 01ceba31ed6bedc3
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11a0
Startzeit: 01ceba31ad705c3d
Endzeit: 12
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang) (User: )
Description: Programm PicasaPhotoViewer.exe, Version 3.9.136.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f88
Startzeit: 01ceba2f7c4fb3c2
Endzeit: 4
Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Berichts-ID: c82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
System errors:
=============
Error: (09/28/2013 06:42:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error: (09/25/2013 11:05:53 PM) (Source: Application Popup) (User: )
Description: Treiber USB hat eine ungültige ID für das untergeordnete Gerät (09020000000111436600000298) zurückgegeben.
Error: (09/25/2013 10:58:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error: (09/25/2013 10:23:41 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:22:11 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:21:13 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:20:15 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:19:16 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:18:18 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:16:00 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang)(User: )
Description: Updater.exe1.0.2.4849001cebc40ea06375a2C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang)(User: )
Description: msiexec.exe5.0.7601.175141c2c01cebc3d058b17792C:\Windows\SysWOW64\msiexec.exe5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (09/25/2013 11:05:52 PM) (Source: VmbService)(User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.7.0.21155c01ceba293ed0273929162C:\Program Files (x86)\iTunes\iTunes.exe
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0238001ceba32789067a411C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exec1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0203001ceba31ed6bedc311C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.011a001ceba31ad705c3d12C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang)(User: )
Description: PicasaPhotoViewer.exe3.9.136.20f8801ceba2f7c4fb3c24C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exec82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8172.83 MB
Available physical RAM: 5614.92 MB
Total Pagefile: 16343.85 MB
Available Pagefile: 13230.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:482.72 GB) (Free:414.49 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1367.19 GB) (Free:274.23 GB) NTFS
Drive r: (HP_RECOVERY) (Fixed) (Total:13.01 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-28 19:48:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MN6O 1863,02GB
Running: 8n831bpw.exe; Driver: C:\Users\Jolanda\AppData\Local\Temp\fxliqpod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:3852] 0000000074ee7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:1916] 0000000066870cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:2100] 0000000076fc2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6056] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6140] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:5800] 0000000076fc3e85
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d03c3c
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d03c3c (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2013.09.08.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.10.9200.16686 XXXX:: YYYY[limited] Protection: Enabled 29.09.2013 14:11:02 mbam-log-2013-09-29 (14-11-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 198291 Time elapsed: 2 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter *
* avast! Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Prüfungsname: Schnelle Überprüfung
* Start: Sonntag, 29. September 2013 14:31:08
* VPS: 130928-1, 28.09.2013
*
Infizierte Dateien: 0
Dateien gesamt: 53273
Ordner gesamt: 41931
Gesamtgröße: 30,7 GB
*
* Prüfung beendet: Sonntag, 29. September 2013 14:36:58
* Laufzeit war 5 Minute(n), 50 Sekunde(n)
*
Der EU-Avira Cleaner scheint keine Logfiles zu schreiben. Zumindest habe ich keine gefunden. Danke und Gruß |
|
29.09.2013, 17:27
| #2 |
| /// the machine /// TB-Ausbilder    | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Hi,
__________________ist das der einzige Rechner in eurem Netz?
__________________ |
|
30.09.2013, 08:45
| #3 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Nein, es gibt noch etliche PCs, Telefone, Tablets im Netz.
__________________Allerdings habe ich keinerlei Zugriff auf die anderen Geräte. Hier die Situation: Mein PC ist "Gast" in einem WLAN. Der Besitzer des WLANs hat Post von der Telekom bekommen, dass man Zero Access an seinem Anschluss festgestellt hätte. Sie haben ihm auch Port 25 gesperrt. Was der Besitzer mit seinen Geräten gemacht hat, weiß ich nicht. Ein "Experte" hat alles durchsucht, aber nichts gefunden. Mein PC wurde nicht durchsucht. Mit was der Experte gesucht hat, weiß ich auch nicht. Ich möchte nur jetzt für mich sicherstellen, dass mein PC sauber ist, bevor ich mich wieder ins WLAN dort einlogge. |
|
30.09.2013, 16:41
| #4 | |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A schaun wir mal genauer: Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.09.2013, 20:25
| #5 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Erst mal danke an Dich. Hier die ComboFix.txt Code:
ATTFilter Combofix Logfile: |
|
01.10.2013, 16:32
| #6 |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Angeblich Zero Access - außerdem PUP.Optional.Iminent.A |
|
06.10.2013, 16:35
| #7 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Hallo, war leider die letzten Tage verhindert. Bin endlich dazu gekommen, alles zu machen. Hier die Logs: mbam.log, nachdem ich alle Funde entfernt hatte: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 XXXXX :: PC-PC [limited] 06.10.2013 16:39:32 mbam-log-2013-10-06 (16-39-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 186001 Time elapsed: 3 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) AdwCleaner[R1].txt AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 06/10/2013 um 17:16:09
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : PC - PC-Name
# Gestartet von : C:\Users\XXXXX\Desktop\adwcleaner_3.0.0.6.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gefunden : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Datei Gefunden : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gefunden : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\\invalidprefs.js
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\searchplugins\iminent.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\searchplugins\SearchResults.xml
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\user.js
Ordner Gefunden C:\Program Files (x86)\openit
Ordner Gefunden C:\ProgramData\Ask
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\XXXXX\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\PC\AppData\Local\cool_mirage
Ordner Gefunden C:\Users\PC\AppData\Roaming\digitalsite
Ordner Gefunden C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\dsiteproducts
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\SearchCore for Browsers
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Delta
Schlüssel Gefunden : [x64] HKCU\Software\dsiteproducts
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\SearchCore for Browsers
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\86d88abd6eed17
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-xchange-viewer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-xchange-viewer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\SearchCore for Browsers
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v9.0.1 (de)
[ Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\r4rblr7n.default\prefs.js ]
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "de");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gefunden : user_pref("extensions.delta.id", "c06c9b1f000000000000bc054305c3e5");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15976");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "coupon2");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.24.612:50:16");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gefunden : user_pref("extensions.delta_i.babExt", "");
Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250913_cpn2&tsp=5019");
Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss");
[ Datei : C:\Users\YYYYY\AppData\Roaming\Mozilla\Firefox\Profiles\uoenzsps.default\prefs.js ]
[ Datei : C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.order.1", "Ask.com");
-\\ Google Chrome v
[ Datei : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [15754 octets] - [06/10/2013 16:51:35]
AdwCleaner[R1].txt - [15479 octets] - [06/10/2013 17:16:09]
########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [15540 octets] ##########
[/CODE] JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by XXXX on 06.10.2013 at 17:22:56,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.10.2013 at 17:22:56,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PS: beim AdwCleaner habe ich noch nichts gelöscht. Nur erst mal gescannt PPS: das FRST Log hatte ich vergessen FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by XXXXX (ATTENTION: The logged in user is not administrator) on PC on 06-10-2013 17:33:18 Running from C:\Users\XXXXX\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe (Don HO don.h@free.fr) C:\Program Files\npp.6.0.bin\unicode\notepad++.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6100\bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKCU\...\Run: [Google Update] - C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.) HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: StartWeb FF Homepage: about:home FF Keyword.URL: hxxp://google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: rssicon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Simple Pass 2011) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Google Update) - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0 CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0 CHR Extension: (Google Search) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (FacebookBlocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0 CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0 CHR Extension: (Facebook Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0 CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0 CHR Extension: (AdBlock) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: (Cut the Rope) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (avast! Online Security) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0 CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0 CHR Extension: (Flood-It!) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0 CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0 CHR Extension: (Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0 CHR Extension: (Analytics Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0 CHR Extension: (Super Stacker 2) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0 CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0 CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Doodle Jump) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0 CHR Extension: (Psykopaint) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZZ\Desktop\JRT.txt 2013-10-06 16:51 - 2013-10-06 17:21 - 00000000 ____D C:\AdwCleaner 2013-10-06 16:50 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT6.1.exe 2013-10-06 16:50 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 16:17 - 2013-10-06 16:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Greenshot 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 20:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-30 20:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-30 20:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-30 20:57 - 2013-09-30 20:58 - 05131234 ____R (Swearware) C:\Users\XXXXX\Desktop\ComboFix.exe 2013-09-30 20:56 - 2013-09-30 21:17 - 00000000 ____D C:\Qoobox 2013-09-30 20:55 - 2013-09-30 21:16 - 00000000 ____D C:\Windows\erdnt 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXXX\Downloads\8n831bpw.exe 2013-09-28 19:18 - 2013-09-28 19:23 - 00023449 _____ C:\Users\XXXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe 2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome 2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-10-06 16:33 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite 2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon 2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll 2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations ==================== One Month Modified Files and Folders ======= 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe 2013-10-06 17:31 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk 2013-10-06 17:31 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZZ\Desktop\JRT.txt 2013-10-06 17:21 - 2013-10-06 16:51 - 00000000 ____D C:\AdwCleaner 2013-10-06 17:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 16:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-06 16:48 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job 2013-10-06 16:42 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:42 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:38 - 2011-12-21 22:13 - 02030719 _____ C:\Windows\WindowsUpdate.log 2013-10-06 16:35 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-06 16:34 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-06 16:34 - 2010-11-21 05:47 - 00433384 _____ C:\Windows\PFRO.log 2013-10-06 16:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-06 16:34 - 2009-07-14 06:51 - 00080471 _____ C:\Windows\setupact.log 2013-10-06 16:33 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite 2013-10-06 16:23 - 2013-10-06 16:50 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT6.1.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:50 - 01045226 _____ C:\Users\XXXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:18 - 2013-10-06 16:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Greenshot 2013-10-06 13:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-06 12:22 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite 2013-10-05 14:53 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat 2013-10-05 14:53 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat 2013-10-05 14:53 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Greenshot 2013-09-30 21:41 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job 2013-09-30 21:28 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 20:56 - 00000000 ____D C:\Qoobox 2013-09-30 21:17 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-30 21:16 - 2013-09-30 20:55 - 00000000 ____D C:\Windows\erdnt 2013-09-30 21:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-30 20:58 - 2013-09-30 20:57 - 05131234 ____R (Swearware) C:\Users\XXXXX\Desktop\ComboFix.exe 2013-09-30 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-29 11:03 - 2011-12-21 22:17 - 00118800 _____ C:\Users\ZZZZZ\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 20:02 - 2012-04-17 10:39 - 00000000 ____D C:\Windows\Minidump 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXXX\Downloads\8n831bpw.exe 2013-09-28 19:23 - 2013-09-28 19:18 - 00023449 _____ C:\Users\XXXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe 2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT 2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Adobe 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games 2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\vlc 2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog 2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations 2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\YYYYY 2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\IrfanView 2013-09-09 07:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZZ 2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXXX Some content of TEMP: ==================== C:\Users\ZZZZZ\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- |
|
06.10.2013, 17:02
| #8 |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.AESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.10.2013, 18:04
| #9 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Nö, keine Probleme vorerst ;-) Hier die Logfiles: Eset log: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=991042ee22c76a408841a1e5d56e1c8e
# engine=15377
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 04:51:54
# local_time=2013-10-06 06:51:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1721573 157791786 0 0
# compatibility_mode=5893 16776573 100 94 9531 132708164 0 0
# scanned=98720
# found=0
# cleaned=0
# scan_time=2396
Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware Version 1.75.0.1300 HijackThis 2.0.2 Java(TM) 6 Update 31 Java 7 Update 40 Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (9.0.1) Google Chrome 16.0.912.77 Google Chrome 17.0.963.83 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by XXXXX (ATTENTION: The logged in user is not administrator) on PC on 06-10-2013 18:56:40 Running from C:\Users\XXXXX\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Don HO don.h@free.fr) C:\Program Files\npp.6.0.bin\unicode\notepad++.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6100\bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKCU\...\Run: [Google Update] - C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: StartWeb FF Homepage: about:home FF Keyword.URL: hxxp://google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: rssicon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Simple Pass 2011) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Google Update) - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0 CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0 CHR Extension: (Google Search) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (FacebookBlocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0 CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0 CHR Extension: (Facebook Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0 CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0 CHR Extension: (AdBlock) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: (Cut the Rope) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (avast! Online Security) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0 CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0 CHR Extension: (Flood-It!) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0 CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0 CHR Extension: (Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0 CHR Extension: (Analytics Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0 CHR Extension: (Super Stacker 2) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0 CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0 CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Doodle Jump) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0 CHR Extension: (Psykopaint) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\XXXXX\Desktop\SecurityCheck.exe 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\XXXXX\Downloads\esetsmartinstaller_enu.exe 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZZ\Desktop\JRT.txt 2013-10-06 16:51 - 2013-10-06 17:21 - 00000000 ____D C:\AdwCleaner 2013-10-06 16:50 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT6.1.exe 2013-10-06 16:50 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 16:17 - 2013-10-06 16:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Greenshot 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 20:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-30 20:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-30 20:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-30 20:57 - 2013-09-30 20:58 - 05131234 ____R (Swearware) C:\Users\XXXXX\Desktop\ComboFix.exe 2013-09-30 20:56 - 2013-09-30 21:17 - 00000000 ____D C:\Qoobox 2013-09-30 20:55 - 2013-09-30 21:16 - 00000000 ____D C:\Windows\erdnt 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXXX\Downloads\8n831bpw.exe 2013-09-28 19:18 - 2013-09-28 19:23 - 00023449 _____ C:\Users\XXXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe 2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome 2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-10-06 16:33 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite 2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon 2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll 2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations ==================== One Month Modified Files and Folders ======= 2013-10-06 18:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\XXXXX\Desktop\SecurityCheck.exe 2013-10-06 18:48 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job 2013-10-06 18:29 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job 2013-10-06 18:28 - 2011-12-21 22:13 - 02039802 _____ C:\Windows\WindowsUpdate.log 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\XXXXX\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 18:07 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat 2013-10-06 18:07 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat 2013-10-06 18:07 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe 2013-10-06 17:31 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZZ\Desktop\JRT.txt 2013-10-06 17:21 - 2013-10-06 16:51 - 00000000 ____D C:\AdwCleaner 2013-10-06 16:42 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:42 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 16:35 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-06 16:34 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-06 16:34 - 2010-11-21 05:47 - 00433384 _____ C:\Windows\PFRO.log 2013-10-06 16:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-06 16:34 - 2009-07-14 06:51 - 00080471 _____ C:\Windows\setupact.log 2013-10-06 16:33 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite 2013-10-06 16:23 - 2013-10-06 16:50 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT6.1.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:50 - 01045226 _____ C:\Users\XXXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:18 - 2013-10-06 16:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Greenshot 2013-10-06 13:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-06 12:22 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Greenshot 2013-09-30 21:41 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job 2013-09-30 21:28 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 20:56 - 00000000 ____D C:\Qoobox 2013-09-30 21:17 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-30 21:16 - 2013-09-30 20:55 - 00000000 ____D C:\Windows\erdnt 2013-09-30 21:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-30 20:58 - 2013-09-30 20:57 - 05131234 ____R (Swearware) C:\Users\XXXXX\Desktop\ComboFix.exe 2013-09-30 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-29 11:03 - 2011-12-21 22:17 - 00118800 _____ C:\Users\ZZZZZ\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 20:02 - 2012-04-17 10:39 - 00000000 ____D C:\Windows\Minidump 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXXX\Downloads\8n831bpw.exe 2013-09-28 19:23 - 2013-09-28 19:18 - 00023449 _____ C:\Users\XXXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe 2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT 2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Adobe 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games 2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\vlc 2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog 2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations 2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\YYYYY 2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\IrfanView 2013-09-09 07:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZZ 2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXXX Some content of TEMP: ==================== C:\Users\ZZZZZ\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Noch eine Frage: soll ich irgendwann die von AdwCleaner gefundenen Dateien usw. löschen? |
|
07.10.2013, 08:29
| #10 |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Laut Anleitung hättest Du die Funde von AdwCleaner direkt löschen sollen  .Mach das, lösch alles was der Acw findet, poste dann bitte ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.10.2013, 20:44
| #11 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Hast ja Recht. Wer lesen kann ... Nun. So, ich habe die Funde in AdwCleaner alle gelöscht. Und hier nochmal ein frisches FRST.log FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by XXXX (ATTENTION: The logged in user is not administrator) on PC on 07-10-2013 21:39:12 Running from C:\Users\XXXX\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6100\bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-08-30] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [289888 2013-08-30] (AVAST Software) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKCU\...\Run: [Google Update] - C:\Users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXX\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms} BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: StartWeb FF Homepage: about:home FF Keyword.URL: hxxp://google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: rssicon - C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\XXXX\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXX\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\XXXX\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Simple Pass 2011) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Google Update) - C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0 CHR Extension: (YouTube) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0 CHR Extension: (Google Search) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (FacebookBlocker) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0 CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0 CHR Extension: (Facebook Disconnect) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0 CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0 CHR Extension: (AdBlock) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: (Cut the Rope) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (avast! Online Security) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0 CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0 CHR Extension: (Flood-It!) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0 CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0 CHR Extension: (Disconnect) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0 CHR Extension: (Analytics Blocker) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0 CHR Extension: (Super Stacker 2) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0 CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0 CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Doodle Jump) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0 CHR Extension: (Psykopaint) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\XXXX\Desktop\SecurityCheck.exe 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\XXXX\Downloads\esetsmartinstaller_enu.exe 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXX\Downloads\FRST64.exe 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZ\Desktop\JRT.txt 2013-10-06 16:51 - 2013-10-07 21:25 - 00000000 ____D C:\AdwCleaner 2013-10-06 16:50 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXX\Desktop\JRT6.1.exe 2013-10-06 16:50 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 16:17 - 2013-10-06 16:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\Greenshot 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXX\AppData\Local\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 20:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-30 20:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-30 20:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-30 20:57 - 2013-09-30 20:58 - 05131234 ____R (Swearware) C:\Users\XXXX\Desktop\ComboFix.exe 2013-09-30 20:56 - 2013-09-30 21:17 - 00000000 ____D C:\Qoobox 2013-09-30 20:55 - 2013-09-30 21:16 - 00000000 ____D C:\Windows\erdnt 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXX\Downloads\8n831bpw.exe 2013-09-28 19:18 - 2013-09-28 19:23 - 00023449 _____ C:\Users\XXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXX\Downloads\Defogger.exe 2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\avgchrome 2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\hpqLog 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll 2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\Downloaded Installations ==================== One Month Modified Files and Folders ======= 2013-10-07 21:35 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-07 21:35 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-07 21:31 - 2011-12-21 22:13 - 01050612 _____ C:\Windows\WindowsUpdate.log 2013-10-07 21:29 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job 2013-10-07 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job 2013-10-07 21:27 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-07 21:27 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-07 21:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-07 21:27 - 2009-07-14 06:51 - 00080583 _____ C:\Windows\setupact.log 2013-10-07 21:25 - 2013-10-06 16:51 - 00000000 ____D C:\AdwCleaner 2013-10-07 21:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZ 2013-10-07 21:08 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite 2013-10-06 20:33 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-06 20:33 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 20:33 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job 2013-10-06 19:07 - 2012-04-06 15:06 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\XXXX\Desktop\SecurityCheck.exe 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\XXXX\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:07 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat 2013-10-06 18:07 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat 2013-10-06 18:07 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\XXXX\Downloads\FRST64.exe 2013-10-06 17:31 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXX\Desktop\Google Chrome.lnk 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\ZZZZ\Desktop\JRT.txt 2013-10-06 16:34 - 2010-11-21 05:47 - 00433384 _____ C:\Windows\PFRO.log 2013-10-06 16:23 - 2013-10-06 16:50 - 01029675 _____ (Thisisu) C:\Users\XXXX\Desktop\JRT6.1.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\XXXX\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:50 - 01045226 _____ C:\Users\XXXX\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\XXXX\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:18 - 2013-10-06 16:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\XXXX\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\Greenshot 2013-10-06 13:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Greenshot 2013-09-30 21:41 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXX\AppData\Local\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:28 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\XXXX\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 20:56 - 00000000 ____D C:\Qoobox 2013-09-30 21:17 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-30 21:16 - 2013-09-30 20:55 - 00000000 ____D C:\Windows\erdnt 2013-09-30 21:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-30 20:58 - 2013-09-30 20:57 - 05131234 ____R (Swearware) C:\Users\XXXX\Desktop\ComboFix.exe 2013-09-30 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\ZZZZ\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\ZZZZ\AppData\Roaming\WBPU-TTL.DAT 2013-09-29 11:03 - 2011-12-21 22:17 - 00118800 _____ C:\Users\ZZZZ\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 20:02 - 2012-04-17 10:39 - 00000000 ____D C:\Windows\Minidump 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\XXXX\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\XXXX\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\XXXX\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\XXXX\Downloads\8n831bpw.exe 2013-09-28 19:23 - 2013-09-28 19:18 - 00023449 _____ C:\Users\XXXX\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXX\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXX\Downloads\Defogger.exe 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT 2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\Adobe 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games 2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXX\Desktop\Avira EU-Cleaner.lnk 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXX\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\avgchrome 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXX\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\vlc 2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXX\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXX\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZ\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXX\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZ\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZ\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\hpqLog 2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZ\AppData\Local\Downloaded Installations 2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\YYYY 2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXX\AppData\Roaming\IrfanView 2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXX Some content of TEMP: ==================== C:\Users\ZZZZ\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- Danke nochmal für Deine Geduld [/CODE] Ich sehe im FRST.log folgendes unter "Chrome" Code:
ATTFilter CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
|
|
08.10.2013, 08:56
| #12 |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Unter andrem, sind alles Reste. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2013, 18:44
| #13 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A So, und hier das fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by XXXX at 2013-10-08 19:40:34 Run:1
Running from C:\Users\XXXX\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
*****************
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key deleted successfully.
HKCR\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key not found.
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} ==> The Chrome "Settings" can be used to fix the entry.
==== End of Fixlog ====
Alle Toolbars von dem Imenent-Ding scheinen weg zu sein. Konntest Du irgendeinen Hinweis auf zero access finden? |
|
09.10.2013, 08:29
| #14 |
| /// the machine /// TB-Ausbilder | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Nö. Poste bitte ein frisches FRST log. Gibt es auch noch andere Rechner im Netz bei euch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2013, 21:09
| #15 |
| | Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Es gibt noch andere PCs im Netzwerk, aber auf die habe ich, wie eingangs erwähnt, keinen Zugriff. Mir ging es nur um meinen eigenen. Aber außer ein paar nervigen Toolbars scheine ich nix ernstes gehabt zu haben, oder? Hier noch mal ein frisches FRST.log Und danke für Deine Hilfe! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by xxxx (ATTENTION: The logged in user is not administrator) on pc on 10-10-2013 22:00:44 Running from C:\Users\xxxx\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6100\bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Greenshot] - C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-08-30] (AVAST Software) HKLM-x32\...\RunOnce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [289888 2013-08-30] (AVAST Software) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoBandCustomize] 0 HKCU\...\Run: [Google Update] - C:\Users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.) HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes) HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: StartWeb FF Homepage: about:home FF Keyword.URL: hxxp://google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: rssicon - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ Chrome: ======= CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Simple Pass 2011) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Google Update) - C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0 CHR Extension: (YouTube) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Add to Amazon Wish List) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0 CHR Extension: (Google Search) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (FacebookBlocker) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0 CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0 CHR Extension: (Facebook Disconnect) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0 CHR Extension: (Facebook Ads Blocker) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0 CHR Extension: (AdBlock) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0 CHR Extension: (Cut the Rope) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (avast! Online Security) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0 CHR Extension: (Keep My Opt-Outs) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0 CHR Extension: (Flood-It!) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0 CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0 CHR Extension: (Disconnect) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0 CHR Extension: (Analytics Blocker) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0 CHR Extension: (Super Stacker 2) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0 CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0 CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Doodle Jump) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0 CHR Extension: (Psykopaint) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx CHR StartMenuInternet: Google Chrome - C:\Users\yyy\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] () S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\xxxx\Desktop\SecurityCheck.exe 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\xxxx\Downloads\esetsmartinstaller_enu.exe 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\xxxx\Downloads\FRST64.exe 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\yyy\Desktop\JRT.txt 2013-10-06 16:51 - 2013-10-07 21:25 - 00000000 ____D C:\AdwCleaner 2013-10-06 16:50 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\xxxx\Desktop\JRT6.1.exe 2013-10-06 16:50 - 2013-10-06 16:21 - 01045226 _____ C:\Users\xxxx\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\xxxx\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\xxxx\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 16:17 - 2013-10-06 16:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\yyy\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\yyy\AppData\Local\Greenshot 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:41 - 00000000 ____D C:\Users\xxxx\AppData\Local\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\xxxx\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 20:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-30 20:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-30 20:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-30 20:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-30 20:57 - 2013-09-30 20:58 - 05131234 ____R (Swearware) C:\Users\xxxx\Desktop\ComboFix.exe 2013-09-30 20:56 - 2013-09-30 21:17 - 00000000 ____D C:\Qoobox 2013-09-30 20:55 - 2013-09-30 21:16 - 00000000 ____D C:\Windows\erdnt 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\yyy\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\yyy\AppData\Roaming\WBPU-TTL.DAT 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\xxxx\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\xxxx\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\xxxx\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\xxxx\Downloads\8n831bpw.exe 2013-09-28 19:18 - 2013-09-28 19:23 - 00023449 _____ C:\Users\xxxx\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\xxxx\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\xxxx\Downloads\Defogger.exe 2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\xxxx\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\yyy\AppData\Local\avgchrome 2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\yyy\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\xxxx\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\xxxx\Desktop\Avira EU-Cleaner.lnk 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\xxxx\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\xxxx\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\yyy\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\xxxx\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\yyy\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\yyy\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\hpqLog 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll 2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\yyy\AppData\Local\Downloaded Installations ==================== One Month Modified Files and Folders ======= 2013-10-10 21:57 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-10 21:57 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite 2013-10-10 21:57 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-10 21:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-10 21:57 - 2009-07-14 06:51 - 00080695 _____ C:\Windows\setupact.log 2013-10-08 22:09 - 2011-12-21 22:13 - 01124711 _____ C:\Windows\WindowsUpdate.log 2013-10-08 22:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-08 21:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-08 21:55 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job 2013-10-08 21:55 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job 2013-10-08 21:55 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job 2013-10-08 21:55 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job 2013-10-08 19:43 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-08 19:43 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-07 21:25 - 2013-10-06 16:51 - 00000000 ____D C:\AdwCleaner 2013-10-07 21:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\yyy 2013-10-06 19:07 - 2012-04-06 15:06 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-10-06 18:53 - 2013-10-06 18:53 - 00891167 _____ C:\Users\xxxx\Desktop\SecurityCheck.exe 2013-10-06 18:07 - 2013-10-06 18:07 - 02347384 _____ (ESET) C:\Users\xxxx\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:07 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat 2013-10-06 18:07 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat 2013-10-06 18:07 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-06 17:33 - 2013-10-06 17:33 - 01954124 _____ (Farbar) C:\Users\xxxx\Downloads\FRST64.exe 2013-10-06 17:31 - 2013-09-02 21:09 - 00002323 _____ C:\Users\xxxx\Desktop\Google Chrome.lnk 2013-10-06 17:22 - 2013-10-06 17:22 - 00000627 _____ C:\Users\yyy\Desktop\JRT.txt 2013-10-06 16:34 - 2010-11-21 05:47 - 00433384 _____ C:\Windows\PFRO.log 2013-10-06 16:23 - 2013-10-06 16:50 - 01029675 _____ (Thisisu) C:\Users\xxxx\Desktop\JRT6.1.exe 2013-10-06 16:23 - 2013-10-06 16:23 - 01029675 _____ (Thisisu) C:\Users\xxxx\Downloads\JRT6.1.exe 2013-10-06 16:21 - 2013-10-06 16:50 - 01045226 _____ C:\Users\xxxx\Desktop\adwcleaner_3.0.0.6.exe 2013-10-06 16:21 - 2013-10-06 16:21 - 01045226 _____ C:\Users\xxxx\Downloads\adwcleaner_3.0.0.6.exe 2013-10-06 16:20 - 2013-10-06 16:20 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 16:20 - 2013-10-06 16:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-06 16:18 - 2013-10-06 16:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\yyy\AppData\Roaming\Greenshot 2013-10-06 14:21 - 2013-10-06 14:21 - 00000000 ____D C:\Users\yyy\AppData\Local\Greenshot 2013-10-06 13:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-30 21:41 - 2013-09-30 21:41 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Greenshot 2013-09-30 21:41 - 2013-09-30 21:38 - 00000000 ____D C:\Users\xxxx\AppData\Local\Greenshot 2013-09-30 21:39 - 2013-09-30 21:39 - 00000000 ____D C:\Program Files\Greenshot 2013-09-30 21:38 - 2013-09-30 21:38 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenshot 2013-09-30 21:28 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-30 21:22 - 2013-09-30 21:22 - 00031795 _____ C:\Users\xxxx\Desktop\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 21:17 - 00031809 _____ C:\ComboFix.txt 2013-09-30 21:17 - 2013-09-30 20:56 - 00000000 ____D C:\Qoobox 2013-09-30 21:17 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-30 21:16 - 2013-09-30 20:55 - 00000000 ____D C:\Windows\erdnt 2013-09-30 21:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-30 20:58 - 2013-09-30 20:57 - 05131234 ____R (Swearware) C:\Users\xxxx\Desktop\ComboFix.exe 2013-09-29 11:09 - 2013-09-29 11:09 - 00000096 _____ C:\Users\yyy\AppData\Roaming\WB.CFG 2013-09-29 11:09 - 2013-09-29 11:09 - 00000005 _____ C:\Users\yyy\AppData\Roaming\WBPU-TTL.DAT 2013-09-29 11:03 - 2011-12-21 22:17 - 00118800 _____ C:\Users\yyy\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-29 10:55 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 20:02 - 2012-04-17 10:39 - 00000000 ____D C:\Windows\Minidump 2013-09-28 19:50 - 2013-09-28 19:50 - 00026710 _____ C:\Users\xxxx\Downloads\gmer.txt 2013-09-28 19:49 - 2013-09-28 19:49 - 00001556 _____ C:\Users\xxxx\Desktop\notepad++.exe - Verknüpfung.lnk 2013-09-28 19:37 - 2013-09-28 19:37 - 00000130 _____ C:\Users\xxxx\Desktop\http---www.handy-faq.de-forum-andere_hersteller-148-usb_datenkabel_fuer_siemens_handys_installieren.html ist nicht verfügbar.url 2013-09-28 19:27 - 2013-09-28 19:27 - 00377856 _____ C:\Users\xxxx\Downloads\8n831bpw.exe 2013-09-28 19:23 - 2013-09-28 19:18 - 00023449 _____ C:\Users\xxxx\Downloads\Addition.txt 2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST 2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\xxxx\Downloads\defogger_disable.log 2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\xxxx\Downloads\Defogger.exe 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT 2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\yyy\AppData\Local\Adobe 2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games 2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\xxxx\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\xxxx\Desktop\Avira EU-Cleaner.lnk 2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle 2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\xxxx\Downloads\avira-eu-cleaner_de (1).exe 2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\yyy\AppData\Local\avgchrome 2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\yyy\AppData\Roaming\0D0S1L2Z1P1B 2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\xxxx\Downloads\avira-eu-cleaner_de.exe 2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\vlc 2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\xxxx\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\xxxx\Documents\Designer Files 2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\yyy\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\xxxx\Desktop\Designer 2.0.lnk 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\yyy\Documents\Designer Files 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\yyy\AppData\Roaming\fotobuch.de AG 2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG 2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de 2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks 2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\FLEXnet 2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\hpqLog 2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone 2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Vodafone 2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys 2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk 2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet 2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone 2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\yyy\AppData\Local\Downloaded Installations Some content of TEMP: ==================== C:\Users\yyy\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ |
|
| Themen zu Angeblich Zero Access - außerdem PUP.Optional.Iminent.A |
| adblock, antivirus, avira, converter, desktop, diagnostics, entfernen, excel, farbar, farbar recovery scan tool, firefox, flash player, google, helper, hijack, homepage, imminent, msiexec.exe, netzwerk, object, officejet, plug-in, plugin, pup.optional.delta.a, pup.optional.iminent.a, registry, richtlinie, scan, software, stick, super, svchost.exe, tracker, trojaner, wildtangent games, zeroacces |
Linear-Darstellung
